Method and apparatus for assigning mobile subscriber identification information to multiple devices

ABSTRACT

Aspects of the subject disclosure may include, for example, a system that manages utilization of mobile subscriber identity information including enabling use of such information by different communication devices. The use of the same mobile subscriber identity information by multiple devices can be based on detecting device identification information associated with a registration request. Other embodiments are disclosed.

CROSS REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. patent application Ser. No.15/265,396, filed on Sep. 14, 2016. All sections of the aforementionedapplication(s) are incorporated herein by reference in their entirety.

FIELD OF THE DISCLOSURE

The subject disclosure relates to a method and apparatus for assigningmobile subscriber identification information to multiple devices.

BACKGROUND

Mobile communication devices register with networks so that the devicescan provide communication services to subscribers. The registrationprocess requires exchanging messages between the mobile communicationdevice and network device(s), as well as exchanging messages betweennetwork devices.

As an example as illustrated in FIG. 1, a device can provide mobilesubscriber identification information to the network at 101 which isreceived by a registration function (e.g., a Home Location Register(HLR)). Various information can be exchanged on the network-side and ananalysis of the mobile subscriber identification information can beperformed resulting in a registration authorization being provided tothe device at 102.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made to the accompanying drawings, which are notnecessarily drawn to scale, and wherein:

FIG. 1 depicts an illustrative embodiment of a registration process inthe prior art;

FIG. 2 depicts an illustrative embodiment of a system that providescommunication services and enables re-using mobile SubscriberIdentification Information by other devices;

FIGS. 3-6 depict illustrative embodiments of registration processes usedin portions of the system described in FIG. 1;

FIG. 7 depicts an illustrative embodiment of a method that providescommunication services and enables re-using mobile SubscriberIdentification Information by other devices;

FIG. 8 depicts another illustrative embodiment of a system that providescommunication services and enables re-using mobile SubscriberIdentification Information by other devices;

FIG. 9 depicts an illustrative embodiment of a communication device thatcan be utilized in either or both of the systems of FIGS. 2 and 8 and/orcan be utilized during the method of FIG. 7;

FIGS. 10-11 depict illustrative embodiments of systems that provide forreuse of mobile subscriber identification information based onregistration error messages;

FIG. 12 depicts another illustrative embodiment of a method thatprovides communication services and enables re-using mobile subscriberidentification information by other devices;

FIG. 13 depicts an illustrative embodiment of a system that provides forreassignment of mobile subscriber identification information;

FIG. 14 depicts another illustrative embodiment of a method thatprovides communication services and enables reassigning mobilesubscriber identification information to other devices;

FIG. 15 depicts an illustrative embodiment of a system that provides foruse of a same mobile subscriber identification information by more thanone communication device;

FIG. 16 depicts an illustrative embodiment of a database structure thatcan be utilized during use of a same mobile subscriber identificationinformation by more than one communication device;

FIG. 17 depicts another illustrative embodiment of a system thatprovides for use of a same mobile subscriber identification informationby more than one communication device;

FIG. 18 depicts another illustrative embodiment of a method thatprovides communication services and enables use of the same mobilesubscriber identification information by multiple communication devices;and

FIG. 19 is a diagrammatic representation of a machine in the form of acomputer system within which a set of instructions, when executed, maycause the machine to perform any one or more of the methods describedherein.

DETAILED DESCRIPTION

The subject disclosure describes, among other things, illustrativeembodiments for managing utilization of mobile subscriber identityinformation referred to herein as an International Mobile SubscriberIdentity (IMSI). The system and methods described herein can enablereuse of an IMSI by a different communication device and/orre-authorizing use by a communication device that previously wasauthorized to utilize the IMSI. In one or more embodiments, themanagement of the IMSI reuse can be based at least in part onintercepting registration requests and/or registration error messages.In one or more embodiments, the communication devices can be end userdevices, or other devices including Machine-to-Machine (M2M) or Internetof Things (IoT) devices. In one or more embodiments, a bootstrap IMSIcan be utilized in a registration process by a communication device thathas been flagged as inactive, where the limited use includes enablingcommunication with network elements for initiating a registrationprocess without enabling user communication services at thecommunication device utilizing the bootstrap IMSI.

In one or more embodiments, a same IMSI can be utilized by more than onecommunication device according to distinguishing between device (e.g.,during registration) based on unique device identification information.Other embodiments are described in the subject disclosure.

One or more aspects of the subject disclosure can be a method whichincludes receiving, by a processing system including a processor, asingle international mobile subscriber identity associated with aregistration request by a first communication device. The singleinternational mobile subscriber identity can be associated with thefirst communication device and can be associated with a secondcommunication device. The method includes obtaining, by the processingsystem, device identification information for the first communicationdevice. The method includes selecting, by the processing system, a firstregistration function from among a group of registration functionsaccording to the device identification information, where the group ofregistration functions stores subscriber information includinginternational mobile subscriber identities that are indexed to deviceidentifications. The method includes transmitting, by the processingsystem, an authentication request to the first registration function,where the first registration function stores first subscriberinformation including the single international mobile subscriberidentity that is indexed to the first communication device, and where asecond registration function of the group of registration functionsstores second subscriber information including the single internationalmobile subscriber identity that is indexed to the second communicationdevice. The second registration function does not store the firstsubscriber information. The first registration function does not storethe second subscriber information. The transmitting of theauthentication request to the first registration function can enable thefirst communication device to complete a registration process.

One or more aspects of the subject disclosure can include amachine-readable storage medium, comprising executable instructionsthat, when executed by a processing system of a first communicationdevice that includes a processor, facilitate performance of operations.The operations can include providing a registration request with asingle international mobile subscriber identity to a network server,where the single international mobile subscriber identity is associatedwith the first communication device and is associated with a secondcommunication device. The operations can include providing deviceidentification information for the first communication device to thenetwork server, where the providing of the single international mobilesubscriber identity and the device identification information causes thenetwork server to transmit an authentication request to a registrationfunction that stores subscriber information including internationalmobile subscriber identities that are indexed to device identifications.The registration function can store first subscriber informationincluding the single international mobile subscriber identity that isindexed to the first communication device and can store secondsubscriber information including the single international mobilesubscriber identity that is indexed to the second communication device.The transmitting of the authentication request to the registrationfunction can enable the first communication device to complete aregistration process.

One or more aspects of the subject disclosure can include a devicehaving a processing system including a processor and having a memorythat stores executable instructions that, when executed by theprocessing system, facilitate performance of operations. The operationscan include receiving a single international mobile subscriber identityassociated with a registration request by a first communication device,where the single international mobile subscriber identity is associatedwith the first communication device and is associated with a secondcommunication device. The operations can include obtaining deviceidentification information for the first communication device. Theoperations can include transmitting an authentication request to aregistration function that stores subscriber information includinginternational mobile subscriber identities that are indexed to deviceidentifications, where the registration function stores first subscriberinformation including the single international mobile subscriberidentity that is indexed to the first communication device and storessecond subscriber information including the single international mobilesubscriber identity that is indexed to the second communication device.The transmitting of the authentication request to the registrationfunction can enable the first communication device to complete aregistration process.

One or more aspects of the subject disclosure is a method includingreceiving, by an identity proxy function executed by a processing systemincluding a processor, a first international mobile subscriber identityassociated with a first registration request of a communication device.The method includes accessing, by the identity proxy function,information that identifies a group of international mobile subscriberidentities. The method includes responsive to a first determination thatthe first international mobile subscriber identity is included in thegroup of international mobile subscriber identities, providing, via anidentity provisioning function, the communication device withprovisioning information that enables reassignment of a secondinternational mobile subscriber identity to the communication device tofacilitate a registration of the communication device.

One or more aspects of the subject disclosure can include amachine-readable storage medium, comprising executable instructionsthat, when executed by a processing system of a communication devicethat includes a processor, facilitate performance of operations. Theoperations can include providing a registration request that includes afirst international mobile subscriber identity. The operations caninclude, responsive to a determination that the first internationalmobile subscriber identity is designated for limited use, receivingprovisioning information that includes a second international mobilesubscriber identity. The operations can include facilitating aregistration of the communication device utilizing the secondinternational mobile subscriber identity. The registration enablescommunication services at the communication device. The limited use ofthe first international mobile subscriber identity includes enablingcommunication with network elements for the providing the registrationrequest without enabling the communication services at the communicationdevice utilizing the first international mobile subscriber identity.

One or more aspects of the subject disclosure can include a devicehaving a processing system including a processor, and a memory thatstores executable instructions that, when executed by the processingsystem, facilitate performance of operations. The operations can includeproviding, to an identity proxy function, information that identifies agroup of international mobile subscriber identities. Responsive to afirst determination that a first international mobile subscriberidentity of a communication device is included in the group ofinternational mobile subscriber identities: the communication device canbe provided with provisioning information that includes a secondinternational mobile subscriber identity, and network provisioning datacan be provided to a home location register, an authentication center,an equipment identity register, a home subscriber server, a national SIMmanager, or a combination thereof. The network provisioning data canindicate a reassignment of the second international mobile subscriberidentity to the communication device.

One or more aspects of the subject disclosure can be a method thatincludes receiving, by an identity proxy function executed by aprocessing system including a processor, a registration error messageand a first international mobile subscriber identity associated with acommunication device. The identity proxy function can access informationthat identifies a group of international mobile subscriber identitiesand that indicates a subset of the group of international mobilesubscriber identities that have been reassigned to other communicationdevices. Responsive to a first determination that the firstinternational mobile subscriber identity is included in the subset ofthe group of international mobile subscriber identities and that thecommunication device is not one of the other communication devices thathas received a reassignment of one of the subset of the group ofinternational mobile subscriber identities, the communication device canbe provided (e.g., via an identity provisioning function) withprovisioning information. The provisioning information can enable one ofdisabling use of the first international mobile subscriber identity bythe communication device, reassignment of a second international mobilesubscriber identity from the group of international mobile subscriberidentities that is not included in the subset of the group ofinternational mobile subscriber identities, or a combination thereof.

One or more aspects of the subject disclosure can include amachine-readable storage medium, including executable instructions that,when executed by a processing system of a communication device thatincludes a processor, facilitate performance of operations. Theoperations can include providing a registration request that includes afirst international mobile subscriber identity. Responsive to adetermination that the first international mobile subscriber identityhas been reassigned to another communication device and that thecommunication device is not the other communication device, theprocessing system can receive provisioning information that includes asecond international mobile subscriber identity. The processing systemcan facilitate a registration process that utilizes the secondinternational mobile subscriber identity and that enables communicationservices at the communication device.

One or more aspects of the subject disclosure can include a devicehaving a processing system including a processor and a memory thatstores executable instructions that, when executed by the processingsystem, facilitate performance of operations. The processing system canprovide, to an identity proxy function, information that identifies agroup of international mobile subscriber identities and that indicates asubset of the group of international mobile subscriber identities thathave been reassigned to other communication devices. The processingsystem can, responsive to a first determination that a firstinternational mobile subscriber identity of a communication device isincluded in the subset of the group of international mobile subscriberidentities and that the communication device is not one of the othercommunication devices that has received a reassignment of one of thesubset of the group of international mobile subscriber identities,provide the communication device with provisioning information. Theprovisioning information can enable one of disabling use of the firstinternational mobile subscriber identity by the communication device,reassignment of a second international mobile subscriber identity fromthe group of international mobile subscriber identities that is notincluded in the subset of the group of international mobile subscriberidentities, or a combination thereof.

One or more aspects of the subject disclosure is a method that includesreceiving, by an identity proxy function executed by a processing systemincluding a processor, a registration request associated with acommunication device where the registration request includes aninternational mobile subscriber identity of the communication device.The method can include accessing, by the identity proxy function,information that identifies a group of international mobile subscriberidentities and that indicates a subset of the group of internationalmobile subscriber identities that have been reassigned to othercommunication devices. Responsive to a first determination that theinternational mobile subscriber identity is not included in the group ofinternational mobile subscriber identities or a second determinationthat the international mobile subscriber identity is included in thesubset of the group of international mobile subscriber identities,providing, by the identity proxy function, the registration request to aregistration function for completing a registration process for thecommunication device that enables communication services at thecommunication device.

One or more aspects of the subject disclosure can include a devicehaving a processing system including a processor and a memory thatstores executable instructions that, when executed by the processingsystem, facilitate performance of operations. The operations can includereceiving an international mobile subscriber identity of a communicationdevice. The operations can include accessing information that identifiesa group of international mobile subscriber identities and that indicatesa subset of the group of international mobile subscriber identities thathave been reassigned to other communication devices. Responsive to afirst determination that the international mobile subscriber identity isincluded in the subset of the group of international mobile subscriberidentities and that the communication device is not one of the othercommunication devices that has received a reassignment of one of thesubset of the group of international mobile subscriber identities, theoperations can include providing (e.g., via an identity provisioningfunction) the communication device with provisioning information thatdisables use of the international mobile subscriber identity by thecommunication device.

One or more aspects of the subject disclosure includes amachine-readable storage medium, comprising executable instructionsthat, when executed by a processing system of a communication devicethat includes a processor, facilitate performance of operations. Theoperations include providing a registration request that is received byan identity proxy function operating in a server, where the registrationrequest includes a first international mobile subscriber identity of thecommunication device. The operations can include, responsive to adetermination that the first international mobile subscriber identityhas been reassigned to another communication device and that thecommunication device is not the other communication device, receiving,(e.g., from an identity provisioning function), provisioning informationthat includes a second international mobile subscriber identity. Theoperations can include facilitating a registration process that utilizesthe second international mobile subscriber identity and that enablescommunication services at the communication device.

FIG. 2 depicts an illustrative embodiment of a communication system 200(e.g., a Global System for Mobile Communications (GSM) system) thatprovides communication services such as to a communication device 210.The communication device 210 can be various types of devices such as amobile phone or other devices that utilize an IMSI for establishingcommunication services. The types of communication services can varyincluding voice services, video, data and/or messaging. System 200enables IMSI re-use by the same or other communication devices throughuse of an identity proxy function 250 and an identity provisioningfunction 350.

System 200 can include various components that facilitate providing thecommunication services, such as a Base Station Subsystem (BSS) thatperforms various functions (e.g., allocation of radio channels, paging,transmitting and receiving over the air interface). The BSS can includea Base Transceiver Station (BTS) 220 which can include equipment fortransmitting and receiving radio signals, antennas, and equipment forencrypting and decrypting communications with a Base Station Controller(BSC) 230. The BSC 230 can serve several different frequencies anddifferent sectors of a cell. System 200 can include a core network withother components such as a Mobile Switching Center (MSC) 240, a VisitorLocation Register (VLR) 245, a Home Location Register (HLR) 260, anAuthentication Center (AUC) 270, and an Equipment Identity Register(EIR) 270.

The MSC 240 can be a primary service delivery node that is responsiblefor routing voice calls and SMS, as well as other services, such asconference calls, FAX and circuit switched data. The VLR 245 can be adatabase of subscribers that have roamed into a jurisdiction of aparticular MSC served by that VLR. The VLR 245 is illustrated as astand-alone device but can be integrated with the MSC 240. The HLR 260can be a central database that contains details of each mobile phonesubscriber that is authorized to use the core network. In one or moreembodiments, the HLRs can store details of Universal Integrated CircuitCards (UICCs) (e.g., Subscriber Identity Module (SIM) cards) issued bythe mobile phone operator. In one or more embodiments, IMSIs can beunique identifiers which are the primary key to each HLR record. In oneor more embodiments, MSISDNs, which are the telephone numbers used bymobile phones to make and receive calls, can also be a primary key to aparticular HLR record. Other data can be stored in the HLR 260 (e.g.,indexed to a particular IMSI), such as communication services that thesubscriber has requested or is authorized to utilize, GPRS settings toallow the subscriber to access packet services, a current location ofsubscriber call divert settings applicable for each associated MSISDN,and so forth.

The AUC 270 can perform a function to authenticate each UICC thatattempts to connect to the core network (e.g., when the phone is poweredon). Once the authentication is successful, the HLR 260 can manage theUICC and authorized communication services. The EIR 280 can maintain alist of mobile phones (e.g., identified by their International MobileStation Equipment Identity (IMEI)) which are to be monitored or are tobe prohibited from utilizing the network. The EIR 280 can be a databasethat contains information about the identity of the mobile equipmentthat prevents calls from stolen, unauthorized or defective mobilestations. In one or more embodiments, the EIR 280 can log handsetattempts that are stored in a log file. The EIR 280 is illustrated as astand-alone device but can be integrated with the HLR 260. System 200can include other features such as an Operations and Maintenance Center(OMC) that enables or otherwise facilitates the operation,administration and maintenance of a GSM network.

The communication system 200 can provide Over-The-Air (OTA) technologyto communicate with, download applications to, and manage a UICC withoutbeing connected physically to the UICC. As an example, an OTA gateway280 can communicate with a Short Message Service Center (SMSC) 290 fordelivering provisioning information to the communication device 210, aswell as propagating information to other network elements. For instance,OTA gateway 280 can transform information (e.g., service requests,provisioning information, and so forth) into short messages which areprovided to the SMSC 290 for delivery to the communication device 210.In one embodiment, the OTA gateway 280 receives service requests througha gateway API that indicates the actual UICC to modify, update, and/oractivate. In one embodiment, the OTA gateway 280 can have a UICCdatabase that indicates for each UICC, the vendor, a UICC identificationnumber, the IMSI and the MSISDN. In one embodiment, the service requestcan be formatted by the OTA gateway 280 into a message that can beunderstood by the recipient UICC, such as through use of librariesaccessible to (or stored by) the OTA gateway that contain the formats touse for each brand of UICC. The resulting formatted message can then besent to the SMSC 290 for delivery.

The identity proxy function 250 can be a stand-alone device (e.g.,positioned between the BSS and the MSC 240), or can be integrated withother components of the system 200 such as being executed by a serverthat also executes the MSC/VLR functions. In one or more embodiments,the identity proxy function 250 is configured so that information (e.g.,a registration request) being sent to a registration function (e.g., theHLR 260) is intercepted or otherwise first received by the identityproxy function prior to being received by the MSC 240, the VLR 245 andthe HLR 260. The particular positioning of the identity proxy function250 with respect to other network elements can vary provided that theidentity proxy function maintains its ability to manage use and re-useof IMSIs. In one embodiment, a single identity proxy function 250 can beutilized for a set of MSC/VLR and HLR.

In another embodiment, multiple identity proxy functions 250 can beutilized for each set of MSC/VLR and HLR, where the identity proxyfunctions are positioned at various points in the core network such asbetween the BSS and the MSC 240 and between the VLR 245 and the HLR 260(shown as dashed lines in FIG. 2). In one embodiment where multipleidentity proxy functions 250 are utilized, they can communicate witheach other for implementing the management of the use and re-use of theIMSIs.

In one embodiment, an interface 255 can be established between theidentity proxy function 250 and other network components, such as theHLR 260. For example, the interface 255 can enable the identity proxyfunction 250 to communicate directly with the HLR 260 so as to bypasscommunication with the VLR. For instance and as described herein, theidentity proxy function 250 can simulate function(s) of the VLR 245 suchas SRES comparison, and the interface 255 can enable obtaining dataneeded for the SRES comparison.

System 200 can also include an identity provisioning function 350 forproviding information to various devices including the communicationdevice 210, and network element(s). In one embodiment, the identityprovisioning function 350 can maintain a listing of the designated IMSIsand can provision identity proxy functions throughout the network withthis listing. The identity provisioning function 350 can be a separatedevice that is in communication with the identity proxy function 250. Inone embodiment, the identity provisioning function 350 can provide forOTA provisioning of the communication device 210 via a registrationsimulation platform as described herein, as well as propagate otherinformation to various network elements (e.g., communicating notices ofreassigned IMSIs or other information to the HLR 260, the AUC 270 and/orthe EIR 280). In one embodiment, the identity provisioning function 350can be in communication with the OTA gateway 280 and can utilize theservices of the SMSC 290 to provision communication devices. Thefunctions performed by the identity proxy function 250 and the identityprovisioning function 350 in managing IMSI reuse can vary. In oneembodiment, the identity proxy function 250 can be utilized as a pointof IMSI screening and further determinations as to what steps should betaken to manage the particular IMSI can be made by the identityprovisioning function 350 based on a detection or screening messagereceived by the identity provisioning function 350 from the identityproxy function 250. In other embodiments, the identity proxy function250 can take a more active role in determinations of the appropriatesteps to be taken to manage the particular IMSI.

Referring to FIG. 3 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, the identity proxy function 250 can have access to a list ofIMSIs that are designated for potential reassignment or as havingalready been reassigned to another communication device. For instance,the identity provisioning function 350 can maintain the listing of thedesignated IMSIs at 301 and can provision identity proxy functionsthroughout the network with this listing at 302. The listing of thedesignated IMSIs can be generated based on various criteria.

This provisioning information associated with the IMSIs can be utilizedby the identity proxy function 250 to manage or otherwise facilitateregistration by communication devices and reuse of IMSIs. For example,the identity proxy function 250 can determine that an IMSI is notincluded in the listing of the designated IMSIs in which case aregistration request associated with that IMSI would be forwarded to theMSC 240 for completing a registration process.

As another example, the identity proxy function 250 can determine thatan IMSI is included in the listing of the designated IMSIs but is notincluded in the subset of IMSIs that has already been reassigned inwhich case the identity proxy function 250 would know that an originaldevice (which has been flagged as inactive) is attempting to registerwith the network. The identity proxy function 250 could then takeappropriate steps for providing service to the original device, such ascausing (e.g., via the identity provisioning function 350) reauthorizinguse of the IMSI if services are now authorized (e.g., payment ofservices has been received) or causing the providing of nullificationinformation to the original device (e.g., via the identity provisioningfunction 350, a registration simulation platform, the OTA 280 and/or theSMSC 290) to further cause use of the IMSI at the original device to bedisabled if services are not authorized or the device/UICC are notcompatible with current network service. In one or more embodiments, theidentity proxy function 250 can provide a notice to the identityprovisioning function of detection of a particular IMSI and the identityprovisioning function 350 can then take appropriate steps for managingthe reuse of IMSIs.

As another example, the identity proxy function 250 can determine thatan IMSI is included in the listing of the designated IMSIs and is alsoincluded in the subset of IMSIs (which have already been reassigned).Responsive to these determinations, a further determination can be madeas to whether the device is the original device associated with the IMSIprior to the reassignment or whether the device is the new device thathas been reassigned the IMSI. The identity proxy function 250 and/or theidentity provisioning function 350 could then take appropriate steps forallowing registration of the new device that has been reassigned theIMSI or for providing service to the original device. For instance,another IMSI can be reassigned (e.g., via the identity provisioningfunction 350) to the original device from the listing of designatedIMSIs (which has not already been reassigned) if services are nowauthorized (e.g., payment of services has been received). In anotherembodiment, nullification information can be provided to the originaldevice (e.g., via the identity provisioning function 350) to cause useof the original IMSI at the original device to be disabled, such aswhere another IMSI is to be reassigned to the original device.

In one embodiment, IMSIs can be designated for potential re-use due tosuspension of services for a subscriber such as for non-payment or foranother reason. In one embodiment, IMSIs can be designated for potentialre-use due to a lack of use of the IMSI (or the device having a UICCthat utilizes the IMSI) for a threshold time period, such as a mobilephone that has not attempted to register with a network (e.g., the GSMnetwork or some other network including LTE or UMTS) in six months. Inone embodiment, IMSIs can be designated for potential re-use accordingto a confirmation that the UICC has been damaged, lost, stolen and soforth. In one or more embodiments as the IMSIs are reassigned to otherdevices, those particular IMSIs can be further flagged as having beenreassigned (i.e., flagged as a subset of the list of designated IMSIs).The identity provisioning function 350 can keep the identity proxyfunction 250 (as well as other identity proxy functions throughout thenetwork) apprised of the list of designated IMSIs as well as the subsetof those IMSIs that have already been reassigned to anothercommunication device so that the identity proxy function 250 canaccurately perform an IMSI screening process when registration requestsare received.

Referring to FIG. 4 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, another communication device 410 can be reassigned an IMSI fromthe designated IMSIs where the IMSI was previously associated with thecommunication device 210 (which has been flagged as inactive). In thisexample at 401, the identity provisioning function 350 can receive arequest, be instructed or otherwise determine that the IMSI (in the listof designated IMSIs) is to be reassigned to the communication device410. The communication device 410 can be a new device that needs an IMSIto provide communication services or an existing device that requiresanother IMSI due to some other reason, such as having its own IMSIreassigned to a different device.

At 402, the identity provisioning function 350 can notify the HLR 260that the communication device 410 is now associated with the particularreassigned IMSI. This can include deleting an original IMSI assignmentfor the communication device 410 and/or adding the new IMSI assignmentfor the communication device 410 in the database of the HLR 260. In oneembodiment, this notification can cause the HLR 260 to perform adatabase update such as re-mapping to particular HLR records, adjustingmapping with respect to MSISDNs, adjusting an identification ofavailable communication services that the subscriber has requested or isauthorized to utilize, adjusting GPRS settings to allow the subscriberto access packet services, and so forth.

At 403, the identity provisioning function 350 can notify the identityproxy function 250 that the communication device 410 is now associatedwith the particular reassigned IMSI. In one embodiment, the identityproxy function 250 can already be aware that the IMSI is part of a groupof IMSIs designated for potential reassignment and can already be awarethat the communication device 210 has been flagged as inactive. In thisexample, the identity proxy function 250 can switch a designation of theparticular IMSI to being flagged as within the subset of the designatedIMSIs that have already been reassigned to another device (i.e., thecommunication device 410 in this example).

Referring to FIG. 5 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, the identity proxy function 250 facilitates registration ofdevices that have been reassigned IMSIs by intercepting or otherwisereceiving registration requests, such as prior to the registrationrequest being provided to the MSC 240, the VLR 245 and the HLR 260. Forexample at 501, the communication device 410 (which has been reassignedan IMSI from the listing of designated IMSIs where the IMSI waspreviously associated with the communication device 210) can requestregistration with the network. A registration request including thereassigned IMSI can be received by the identity proxy function 250 whichdetermines whether or not the particular IMSI is part of the group ofdesignated IMSIs and whether a reassignment to another device hasalready occurred. In one embodiment, the identity proxy function 250and/or the identity provisioning function 350 can identify theparticular device requesting registration with the network. Forinstance, device identification information (e.g., an IMEI) can beobtained for the communication device 410, such as being received fromdevice 410 or from another source.

At 502, if the received IMSI is determined as having already beenreassigned to another device and if the communication device 410 isdetermined to be that other device then identity proxy function 250 canforward the registration request to the MSC/VLR (or another registrationfunction server) for processing of the registration of the communicationdevice 410. At 503 and 504, messaging associated with the registrationprocess can be exchanged such as between the HLR 260, the VLR 245, theidentity proxy function 250, and/or the communication device 410.

The particular messaging that makes up the registration request and theregistration process can vary. In one embodiment, the communicationdevice 410 can send a Channel Request message to the BSS on a RandomAccess Channel (RACH) and the BSS can respond on an Access Grant Channel(AGCH) with an Immediate Assignment message while assigning a StandAlone Dedicated Control Channel (SDCCH) to the communication device 410.The communication device 410 can switch to the assigned SDCCH and cansend a Location Update Request to the BSS. The communication device 410can send its IMSI to the BSS. The BSS can forward the Location UpdateRequest/IMSI (i.e., a registration request) which is received orintercepted by the identity proxy function 250 which determines whetherthe received IMSI is already reassigned to another device and if thecommunication device 410 is that other device. If so, then theregistration request is forwarded by the identity proxy function 250 tothe MSC 240/VLR 245 which in turns forwards the registration request tothe HLR 260, along with a request for verification of the IMSI and arequest for authentication triplets (RAND, Kc, SRES). The HLR 260 canforward the IMSI to the AuC 270 and can request the authenticationtriplets. The AuC 270 can generate the authentication triplets and cansend them, along with the IMSI, back to the HLR 260. The HLR 260 canvalidate the IMSI by ensuring it is allowed on the network and it isauthorized for subscriber services. The HLR 260 can then forward theIMSI and the triplets to the VLR 245 which stores the SRES and the Kc,and can also forward the RAND to the BSS. The VLR 245 can utilize theBSS to authenticate the communication device 410. The BSS can send thecommunication device 410 an Authentication Request message with the onlyauthentication parameter being sent in the message being the RAND. Thecommunication device 410 can use the RAND to calculate the SRES and cansend the SRES back to the BSS on the SDCCH in an AuthenticationResponse. The BSS can forward the SRES to the VLR 245 which compares theSRES generated by the AuC with the SRES generated by the communicationdevice. If the SRESs match then authentication is completedsuccessfully. The exemplary embodiments can also utilize other messagingtechniques and paths for registration of the communication device 410.

In one embodiment, the VLR 245 can forward the Kc for the communicationdevice 410 to the BSS where the Kc is not sent across the air interfaceto the communication device. The BSS can store the Kc and can forward aSet Cipher Mode command to the communication device 410 where thecommand only indicates which encryption to use. The communication device410 can switch to cipher mode using the particular encryption algorithm(e.g., A5) so that all transmissions are now enciphered and can send aCiphering Mode Complete message to the BSS. The VLR 245 can send aLocation Updating Accept message to the BSS and also generate a newTemporary Mobile Subscriber Identity (TMSI) for the communicationdevice. The BSS can send the TMSI to the communication device 410 whichcan respond with a TMSI Reallocation Complete message that is forwardedto the VLR 245. The BSS can instruct the communication device 245 to gointo idle mode by sending it a Channel Release message and can thendeassign the SDCCH. The VLR 245 can send an Update Location message tothe HLR 260 which records the particular MSC/VLR the communicationdevice is currently associated with.

In one embodiment such as where the identity proxy function 250 isunable to obtain device identity information (e.g., the IMEI) for thecommunication device 410, the identity proxy function 250 can simulatethe registration process to obtain information that enables discerningwhether the communication device 410 is the device that has beenreassigned the IMSI or is the original device that was previouslyassociated with the IMSI prior to the reassignment. As an example, theidentity proxy function 250 can simulate the registration process so asto obtain an SRES generated by the communication device 410. From thatgenerated SRES, the identity proxy function 250 can detect whether thecommunication device 410 is the device that has been reassigned the IMSIor is the original device that was previously associated with the IMSIprior to the reassignment. In this example, the identity proxy function250 can communicate with other necessary components for obtaining datathat is utilized in the registration process such as bypassing the VLR245 and communicating via the interface 255 with the HLR 260 to obtainthe authentication triplets. In this example, since the identity proxyfunction 250 requested the authentication triplets, the HLR 260 willobtain them from the AUC 270 and provide them back to the identity proxyfunction rather than providing them to the VLR 245. In one embodiment,the simulation of the registration process and the forcing of an SRESgeneration by the communication device 410 can be utilized to identifythe particular device according to a secret key (in combination with theRAND provided by the identity proxy function 250) that the communicationdevice would utilize in generating the SRES. The secret keys can beknown or otherwise accessible to the identity proxy function 250 so thatthe secret key could be utilized to detect which device is generatingthe registration request. As an example, the secret key can be usedduring multiple cryptographic operations which can include theauthentication of the device (e.g., in all networks) and the network(e.g., in UMTS and LTE).

In one embodiment, rather than utilizing the interface 255, system 200can utilize first and second identity proxy functions 250 that arepositioned between the communication device 210 and the MSC 240 andpositioned between the VLR 245 and the HLR 260, respectively. The firstand second identity proxy functions 250 can communicate with each other,such as to bypass the VLR 245 when the identity proxy functions 250 aresimulating a registration process and forcing the communication device410 to generate an SRES. In one embodiment, once the identity proxyfunction 250 has determined the identity of the device (original devicevs. new device), the identity proxy function 250 can require that thecommunication device perform a re-registration.

Referring to FIG. 6 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, the identity proxy function 250 facilitates registration ofdevices where the particular IMSI has been designated for potentialreassignment or has already been reassigned by intercepting or otherwisereceiving registration requests, such as prior to the registrationrequest being provided to the MSC 240, the VLR 245 and the HLR 260. Forexample at 601, the original device 210 can request registration withthe network. The original device 210 may have been flagged as inactive,such as for non-use over a threshold period of time, suspension ofservices for non-payment, a customer requesting discontinuation ofservices, and so forth. A registration request including the IMSI can bereceived by the identity proxy function 250 which determines whether ornot the particular IMSI is part of the group of designated IMSIs andwhether a reassignment has already occurred. In one embodiment, theidentity proxy function 250 can identify the particular devicerequesting registration with the network. For example, deviceidentification information (e.g., an IMEI) can be obtained for theoriginal device 210, such as being received from device 210 (e.g., inthe registration request). As another example, if the IMSI has not beenreassigned but is part of the IMSIs designated for potentialreassignment then the identity proxy function 250 can determine that thedevice requesting registration is the original device 210 that has beenflagged as inactive. The identification of the device can be based onsimulating the registration process and forcing a generation of an SRESby the communication device 210, as described herein.

In one embodiment, the identity proxy function 250 and/or the identityprovisioning function 350 can determine whether the original device 210is eligible for services. If the original device 210 is not eligible forservices (e.g., suspension of services for non-payment or other reasons,device/UICC is no longer compatible with network or services, and soforth) then the identity proxy function 250 can cause or otherwisefacilitate or enable provisioning information to be provided (e.g., viathe identity provisioning function 350) to the original device 210 tocause the original device to disable its use of the IMSI. In thisexample, the IMSI can then be removed from the designated listing ofIMSIs and can instead be included with other IMSIs (e.g., that havenever been used before) that are eligible for assignment.

In one embodiment, if the IMSI has not yet been reassigned then theidentity proxy function 250 and/or the identity provisioning function350 can determine whether to allow the original device 210 to utilizethat original IMSI, such as confirming that the subscriber is eligiblefor services (e.g., based on payment for services or other actions thatremoved a suspension of services). If the original device 210 ispermitted to utilize its IMSI, then identity proxy function 250 canforward the registration request (based on the original IMSI) to the MSC240/VLR 245 and can provide a notification (e.g., to the identityprovisioning function 350) to remove the IMSI from the listing ofdesignated IMSIs and to further adjust the status of the original device210 from an inactive status to an active status.

In one embodiment, if the IMSI has already been reassigned to anotherdevice then the identity proxy function 250 and/or the identityprovisioning function 350 can confirm that the subscriber of theoriginal device 210 is eligible for services and can obtain reassignmentof another IMSI (from the designated list of IMSIs) for the originaldevice. For example at 602, responsive to a determination that the IMSIhas already been reassigned to another device and a determination thatthe subscriber of the original device 210 is eligible for services thenthe identity proxy function 250 can provide a request to the identityprovisioning function 350 for another IMSI from the listing ofdesignated IMSIs (which is not in the subset of IMSIs that has alreadybeen reassigned) or the identity proxy function 250 can receive theother IMSI from the identity provisioning function 350 based on adetermination made by the identity provisioning function 350. In oneembodiment, the original device 210 can continue to utilize its originalsecret key (which is mapped to the original device by the network). Inone embodiment, the determination of eligibility for services can bemade by the identity provisioning function 350 such that the identityproxy function 250 transmits the request to the identity provisioningfunction 350 for another IMSI responsive to a determination that theIMSI has already been reassigned to another device and the identityprovisioning function 350 can approve or deny the request.

Continuing with this example at 603, the identity provisioning function350 can notify various network elements (e.g., the HLR 260) that thecommunication device 210 is now associated with the particularreassigned IMSI. This can include the HLR 260 deleting an original IMSIassignment for the communication device 210 and/or adding the new IMSIassignment for the communication device 210 in its database. In oneembodiment, this notification can cause the HLR to perform a databaseupdate such as re-mapping to particular HLR records, adjusting mappingwith respect to MSISDNs, adjusting an identification of availablecommunication services that the subscriber has requested or isauthorized to utilize, adjusting GPRS settings to allow the subscriberto access packet services, and so forth.

At 604, the identity provisioning function 350 can provide provisioninginformation to the communication device 210 via an OTA platform thatcauses the UICC to be adjusted so that the reassigned IMSI is nowutilized by the device for communication services. In one embodiment, tosend an OTA provisioning message to a device that has not completedregistration to a target network, a simulating network can be used tointercept (e.g., prior to being received by a VLR in GSM or an MME inLTE) and complete the registration. The simulating network can send anOTA message to the device that can cause the modification of the deviceIMSI and can cause the device to perform a re-registration to the targetnetwork. For example, the simulating network can comprise a set offunctional elements (e.g., registration simulation platform 675) thatexist in the target network. This can include an MSC/VLR, a MME, a HLRor HSS, an AUC, a SMSC, an OTA platform, a SGW, a PGW, an EIR and/or anycombination thereof. The AUC of registration simulation platform 675 cancontain the secret key of the device and the HSS/HLR can be provisionedto allow the device to register. Other pre-provisioning functions can beperformed. For instance, the registration simulation platform 675 can beintegrated into the identity proxy function 250 (illustrated in FIG. 6),the identity provisioning function 350 and/or can exist as a standalonedevice. In one embodiment, the identity provisioning function 350 canbecome aware of the registration to the registration simulation platform675 by notification from the registration simulation platform 675 and/orfrom the identity proxy function 250. In this example, the identityprovisioning function 350 can instruct the registration simulationplatform 675 to perform an OTA to modify an IMSI of that particulardevice. The identity provisioning function 350 may provide an update tothe identity proxy function 250 regarding the content of the requestedOTA. In one embodiment, the identity proxy function 350 can first detectan error message, then perform an action such as not forwarding theerror to the device to cause the device to reattempt the registration,and finally intercept the reattempt and forward to the registrationsimulation platform 675.

In another embodiment, the identity provisioning function 350 canprovide provisioning information to the communication device 210 via theOTA 280 and the SMSC 290 that causes the UICC to be adjusted so that thereassigned IMSI is now utilized by the device for communicationservices. In another embodiment at 605, the communication device 210 canthen attempt to re-register utilizing the reassigned IMSI. The identityproxy function 250 can receive the registration request for thecommunication device 210, which now includes the reassigned IMSI and at606-608 the registration process (via the VLR 245 and the HLR 260) canbe completed based on the reassigned IMSI. In one or more embodiments,the identity provisioning function 350 can provision a National SIMManager (NSM) with the reassigned IMSI for the original device where thesecret key of the original device is already known. In anotherembodiment, the identity provisioning function 350 can be integratedwith equipment of the NSM. In one embodiment, a billing system candetect the change in IMSI for the UICC and can provision some or allother network elements necessary for enabling call processing (e.g., HLR260, AUC 270).

FIG. 7 depicts an illustrative embodiment of a method 700 used by system200 for facilitating the re-use of IMSIs. One or more of the steps ofmethod 700 can be performed by the identity proxy function 250, theidentity provisioning function 350 and/or by other devices described inFIGS. 2-6. At 702, an IMSI can be received that is associated with acommunication device. For instance, the IMSI can be part of aregistration request that is generated by or caused to be generated bythe communication device. At 704, a determination of the status of theISMI can be made. For example, the identity proxy function 250 candetermine whether the IMSI is included in a designated group of IMSIsand if so can further determine whether the IMSI is included in a subsetof the group which is further designated as having already beenreassigned to another communication device. If the IMSI is not part ofthe designated group of IMSIs then the registration process can becontinued by forwarding the registration request and/or IMSI to the MSC240/VLR 245 to perform the registration at 706. If on the other hand theIMSI is part of the designated group of IMSIs then a determination canbe made at 708 as to whether the registration request is for an originaldevice that was associated with the IMSI (e.g., prior to beingreassigned) or whether the registration request is for a new device thathas been reassigned the IMSI. The identification of the particulardevice can be performed in a number of different ways, such as based ondevice identification information (e.g., IMEI), simulating aregistration process to force an SRES generation by the device fromwhich the device identification can be determined, and so forth.

If the registration request and the IMSI are from a new device that hasbeen reassigned the IMSI then the registration process can be continuedby forwarding the registration request and/or IMSI to the MSC 240/VLR245 to perform the registration at 706. If on the other hand theregistration request and the IMSI are from an original device (e.g., adevice that the IMSI was previously associated with prior to being addedto the listing of designated IMSIs) then a determination can be made at710 as to whether the subscriber of the original device is eligible forcommunication services. Eligibility for services can be based on variousfactors and can be determined by various components or a combination ofcomponents, such as based on billing, device hardware requirements,device software requirements, and so forth. If the subscriber of theoriginal device is not eligible for communication services then at 712provisioning information can be provided to the original device (e.g.,via OTA provisioning by the identity provisioning function 350 such asthrough use of registration simulation platform 675) that causesdisabling the use of the particular IMSI by the original device. In oneembodiment, if the IMSI has not already been reassigned then it can beremoved from the listing of designated IMSIs and provided to anothercommunication device (e.g., the identity proxy function 250 can forwardthe IMSI automatically to the MSC 240/VLR 245 for completion ofregistration associated with a new device that utilizes the IMSI).

If on the other hand the subscriber of the original device is eligiblefor communication services then at 714 the original device can beauthorized to utilize the particular IMSI (e.g., if it is determinedthat the particular IMSI has not yet been reassigned) or the originaldevice can be provisioned with another IMSI (e.g., if it is determinedthat the original IMSI has already been reassigned to another device).In one embodiment, the new IMSI reassigned to the original device can beselected from the listing of designated IMSI (which is not included inthe subset of IMSIs that has already been reassigned). Method 700 canthen proceed to 706 where the registration process is completed.

While for purposes of simplicity of explanation, the respectiveprocesses are shown and described as a series of blocks in FIG. 7, it isto be understood and appreciated that the claimed subject matter is notlimited by the order of the blocks, as some blocks may occur indifferent orders and/or concurrently with other blocks from what isdepicted and described herein. Moreover, not all illustrated blocks maybe required to implement the methods described herein.

In one or more embodiments, eligibility for services can be determinedaccording to a viability of the UICC. For example, if it is determinedthat the UICC is no longer compatible with the network (e.g., it cannotperform certain functions requested by the network or cannot facilitatecertain communication services) then the device/UICC can be designatedas being ineligible for service and provisioning information can be sentto the device (e.g., via registration simulation platform 675) tonullify or otherwise disable use of the IMSI by that device/UICC. In oneembodiment, if it is determined that the UICC is not viable or otherwiseis incompatible with the network then the subscriber of the originaldevice can be provided with a request to upgrade the UICC (which may ormay not utilize the same IMSI), such as forwarding a message includingan offer to the original device. In this example, the IMSI can beremoved from the listing of designated IMSIs. One or more of thedeterminations described with respect to any of the exemplaryembodiments can be made by the identity proxy function 250, the identityprovisioning function 350, or another network device.

FIG. 8 depicts an illustrative embodiment of a communication system 800(e.g., a Long Term Evolution (LTE) system) that provides communicationservices such as to a communication device 810. The communication device810 can be various types of devices such as a mobile phone or otherdevices that utilize an IMSI for establishing communication services.The types of communication services can vary including voice services,video, data and/or messaging. System 800 enables IMSI re-use by the sameor other communication devices through use of an identity proxy function850 and an identity provisioning function 899. System 800 can performmany of the same functions as described with respect to system 200including intercepting a registration request with an IMSI, determiningan identity of a device requesting registration, processing registrationrequests according to whether the IMSI is a designated IMSI and whetherthe IMSI has already been reassigned to another device, reassigning anIMSI to an original device that has come back online, reauthorizing useof an original IMSI for an original device that has returned to beingservice eligible, and so forth.

System 800 can utilize the identity proxy function 850 to performfunctions similar to those described with respect to the identity proxyfunction 250 of system 200 for facilitating the re-use of IMSIs. System800 can include various components that facilitate providing thecommunication services, including an eNodeB (eNB) 825 that functions ashardware that communicates directly wirelessly with mobile handsetssimilar to the BSS of the GSM network of system 200, a MobilityManagement Entity (MME) 840 that functions as a control-node for the LTEaccess-network, and a Home Subscriber Server (HSS) 860 that functions asa central database to contain user-related and subscription-relatedinformation and which provides user authentication and accessauthorization functionality. The HSS 860 is similar to the HLR 260 andAUC 270 of the GSM network of system 200. Other components can also beincluded in the system 800 such as an EIR, S-GW, PDN GW, ePDG, SGSN andso forth.

In one or more embodiments, the identity proxy function 850 can bepositioned between the eNB 825 and the MME 840 so that the IMSI isreceived by the identity proxy function 850 prior to being processed bythe MME 840. In one embodiment, an interface 855 can be establishedbetween the identity proxy function 850 and other network components,such as the HSS 860. For example, the interface 855 can enable theidentity proxy function 850 to communicate directly with the HSS 860 soas to bypass communication with the MME 840. For instance and asdescribed herein, the identity proxy function 850 can simulatefunction(s) of the MME 840 such as RES comparison and the interface 855can enable obtaining data needed for the RES comparison.

System 800 can utilize an identity provisioning function 899 forprovisioning information to the communication device 810, such as areassigned IMSI, nullification information that disables the use of anold IMSI at an original device, an offer to obtain a reassigned IMSI,and so forth. In one embodiment, identity provisioning function 899 canalso propagate other information to other network elements, such asnotifications that an IMSI from the listing of designated IMSIs has beenreassigned or has been removed from the IMSI, an inactive or activestatus change for a device, and so forth to various network elementssuch as the HSS 860, the EIR, and so forth. The provisioning orpropagation of information to the communication device 810 can beperformed in a number of different ways, including utilizing aregistration simulation platform (e.g., performing function similar tothat of registration simulation platform 675 in FIG. 6), an OTA gateway880 and/or a messaging gateway 890. The functions performed by theidentity proxy function 850 and the identity provisioning function 899in managing IMSI reuse can vary. In one embodiment, the identity proxyfunction 850 can be utilized as a point of IMSI screening and furtherdeterminations as to what steps should be taken to manage the particularIMSI can be made by the identity provisioning function 899 based on adetection or screening message received by the identity provisioningfunction 899 from the identity proxy function 850. In other embodiments,the identity proxy function 850 can take a more active role indeterminations of the appropriate steps to be taken to manage theparticular IMSI.

In one embodiment, the HSS 860 can be provisioned with reassigned IMSIsto facilitate the registration of a new device that has received areassigned IMSI from an original device. In one embodiment, the identityproxy function 850 can simulate a registration process to force thecommunication device 810 to generate a RES (similar to the processdescribed with respect to FIG. 5) so that the identity proxy function850 can determine whether the device requesting registration is anoriginal device or a new device.

In one embodiment, the identity proxy function 850 can obtain an IMSI ofthe communication device 810 attempting to register and can determinethe identity of that device. Based upon the IMSI and the identity of thecommunication device 810, a determination can be made (e.g., by theidentity proxy function 850 and/or the identity provisioning function899) whether to allow the registration to proceed (to the MME 840),reassign an IMSI to the communication device, provide provisioninginformation that disables use of the IMSI by the communication deviceand/or take other appropriate actions to facilitate managing use andreuse of IMSI.

For example, the communication device 810 can initiate an attachprocedure by transmitting an attach request to the eNB 825 so that theeNB can derive the appropriate MME from the Radio Resource Control (RRC)parameters carrying the old Globally Unique Mobility Management EntityIdentifier (GUMMEI) and the indicated Selected Network. The attachrequest (i.e., registration request) can be received by the identityproxy function 850 (e.g., from the eNB 825). In one embodiment, theattach request can include a Globally Unique Temporary UE Identity(GUTI) which has the GUMMEI and also has the M-TMSI, which identifiesthe particular device. This identification allows the identity proxyfunction 850 to ascertain whether the particular device is a new devicethat has been reassigned the IMSI from the listing of designated IMSIsor is the original device that was previously associated with the IMSIprior to the reassignment. In this example, the identity proxy function850 can obtain the IMSI in a number of different ways. For example, ifthe communication device 810 identifies itself with a GUTI, then theGUTI can be used to derive the old MME/SGSN address, and anIdentification Request can be sent to the old MME/SGSN to request theIMSI. In another embodiment, the identity proxy function 850 can send anIdentity Request to the communication device 810 to request the IMSI.

In one embodiment such as where the identity proxy function 850 isunable to obtain device identity information (e.g., the GUTI) for thecommunication device 810, the identity proxy function 850 can simulatethe registration process of the MME 840 to obtain information thatenables discerning whether the communication device 810 is a new devicethat has been reassigned the IMSI or is the original device that waspreviously associated with the IMSI prior to the reassignment. As anexample, the identity proxy function 850 can simulate the registrationprocess of the MME 840 so as to obtain a RES generated by thecommunication device 810 according to an EPS AKA algorithm. From thatgenerated RES, the identity proxy function 850 can detect whether thecommunication device 810 is the new device that has been reassigned theIMSI or is the original device that was previously associated with theIMSI prior to the reassignment. In this example, the identity proxyfunction 850 can communicate with other necessary components forobtaining data that is utilized in the registration process (e.g. amutual authentication process) such as bypassing the MME 840 andcommunicating via the interface 855 with the HSS 860 to obtainauthentication vectors (e.g., RAND, AUTN, XRES, K_(ASME)). The HSS 860generates authentication vector(s) using the EPS AKA algorithm andforwards them back to the identity proxy function 850. The identityproxy function 850 can select one of the authentication vectors (if morethan one was received) and can use it to perform mutual authenticationwith the communication device 810 by forwarding the RAND and AUTN_(HSS)to the communication device, which then computes RES, AUTN_(UE) andK_(ASME) using the EPS AKA algorithm. The communication device 810 canthen compare its own AUTN_(UE) and AUTN_(HSS) received from the identityproxy function 850. Once authenticated, the communication device 810 canforward the RES to the identity proxy function 850, which can thendetermine from a comparison of the XRES received from the HSS 860 withthe RES generated by the communication device whether the particulardevice is the original device or the new device since different RESswill be generated based on different secret keys (LTE K) stored atdifferent UICCs. In this example, since the identity proxy function 850requested the authentication vectors, the HSS 860 will provide them backto the identity proxy function via interface 855 rather than providingthem to the MME 840.

In one embodiment, rather than utilizing the interface 855, system 800can utilize first and second identity proxy functions 850 that arepositioned between the communication device 810 and the MME 840 andpositioned between the MME 840 and the HSS 260 (shown in dashed lines inFIG. 8), respectively. The first and second identity proxy functions 850can communicate with each other, such as to bypass the MME 840 when theidentity proxy functions 850 are simulating a registration process ofthe MME 840 and forcing the communication device 810 to generate a RES.In one embodiment, once the identity proxy function 850 has determinedthe identity of the device (original device vs. new device), theidentity proxy function 850 can require that the communication device810 perform a re-registration.

In one or more embodiments, system 800 enables receiving, by theidentity proxy function 850, a registration request associated with thecommunication device 810 where the registration request includes an IMSIof the communication device. System 800 enables accessing, by theidentity proxy function 850, information that identifies a group ofIMSIs and that indicates a subset of the group of IMSIs that have beenreassigned to other communication devices. Responsive to a firstdetermination that the IMSI is not included in the group of IMSIs or asecond determination that the IMSI is included in the subset of thegroup of IMSIs, system 800 enables providing, by the identity proxyfunction 850, the registration request to a registration function (e.g.,the MME 840 and/or the HSS 860) for completing a registration processfor the communication device which allows for communication services atthe communication device. In one embodiment, system 800 enablesreceiving, by the identity proxy function 850, device identificationdata for the communication device 810. A third determination can then beperformed as to whether the communication device 810 is one of the othercommunication devices that has received a reassignment of one of thesubset of the group of international mobile subscriber identities, wherethe third determination is based on the device identification data, andwhere the providing the registration request to the registrationfunction for completing the registration process is according to thethird determination. In one embodiment, the device identification datacomprises an IMEI. In one embodiment, the IMEI is obtained from thecommunication device 810. In one embodiment responsive to a thirddetermination that the IMSI is included in the subset of the group ofIMSIs and that the communication device 810 is not one of the othercommunication devices that has received a reassignment of one of thesubset of the group of IMSIs, system 800 enables providing, via theidentity provisioning function 899, the communication device withprovisioning information. The provisioning information causes one ofdisabling use of the IMSI by the communication device, reassignment ofanother IMSI from the group of IMSIs that is not included in the subsetof the group of IMSIs, or a combination thereof. In one embodiment, thesystem 800 enables receiving, by the identity proxy function 850, anIMEI from the communication device 810, wherein the third determinationis based on the IMEI. In one embodiment responsive to a thirddetermination that the communication device 810 is eligible for service,that the IMSI is included in the group of IMSIs, and that the IMSI isnot included in the subset of the group of IMSIs, the system 800 enablesremoval of the IMSI from the group of IMSIs and further enablesproviding, by the identity proxy function 850, the registration requestto the registration function for completing the registration process forthe communication device. In one embodiment, system 800 enablesdetermining a functionality of a universal integrated circuit card ofthe communication device 810 that stores the IMSI, where the removal ofthe IMSI from the group of IMSIs and the providing the registrationrequest to the registration function are based on a fourth determinationthat the functionality of the universal integrated circuit card iscompatible with the communication services associated with thecommunication device. In one embodiment, the identity proxy function 850is a stand-alone server located between the eNB 825 and the MME 840, andthe registration function is performed by the MME 840 utilizing servicesof the HSS 860. In one embodiment, the provisioning information can beprovided to the communication device by the identity provisioningfunction via an OTA interface, where the OTA instructions go through theidentity proxy function 850.

In one embodiment, the system 800 enables receiving, by the identityproxy function 850, a signed response message generated by thecommunication device 810 based on a random challenge; and performing, bythe identity proxy function, a third determination that thecommunication device is one of the other communication devices that hasreceived a reassignment of one of the subset of the group of IMSIs,where the third determination is based on the signed response message,and where the providing the registration request to the registrationfunction for completing the registration process is according to thethird determination. In one embodiment, the system 800 enablesproviding, by the identity proxy function 850, the random challenge tothe communication device 810.

FIG. 9 depicts an illustrative embodiment of a communication device 900.Communication device 900 can serve in whole or in part as anillustrative embodiment of the devices depicted in FIGS. 2-6 and 8 andcan be configured to perform portions of method 700 of FIG. 7. Wherecommunication device 900 is an end user device, it can include a UICC975 that stores or otherwise manages use of an IMSI for registering thecommunication device. In one embodiment, the communication device 900can be an end user device that performs operations including: providinga registration request that is received by an identity proxy functionoperating in a server, where the registration request includes a firstIMSI of the communication device; responsive to a determination that thefirst IMSI has been reassigned to another communication device and thatthe communication device 900 is not the other communication device,receiving provisioning information that includes a second IMSI; andfacilitating a registration process that utilizes the second IMSI andthat enables communication services at the communication device. In oneembodiment, the provisioning information includes disabling informationthat disables use of the first IMSI by the communication device 900,where the registration process utilizes a secret key that was previouslyassociated with the first IMSI prior to the first IMSI being reassignedto the other communication device, and where the receiving of theprovisioning information is responsive to determining that thecommunication device is eligible for the communication services.

In another embodiment, the communication device 900 can be a networkdevice (e.g., a network server executing the identity proxy function250, 850 and/or the identity provisioning function 350, 899) thatperforms operations including: receiving an IMSI of a communicationdevice; accessing information that identifies a group of IMSIs and thatindicates a subset of the group of IMSIs that have been reassigned toother communication devices; and, responsive to a first determinationthat the IMSI is included in the subset of the group of IMSIs and thatthe communication device is not one of the other communication devicesthat has received a reassignment of one of the subset of the group ofIMSIs, providing the communication device with provisioning informationthat disables use of the IMSI by the communication device. In oneembodiment, the communication device 900 can, responsive to determiningthat use of the IMSI by the communication device has been nullified,provide a notification to or otherwise perform a removal of the IMSIfrom the group of IMSIs. In one embodiment, the communication device 900can, receive an IMEI from the communication device, where the firstdetermination is based on the IMEI. In one embodiment, the communicationdevice 900 can, perform a second determination that the communicationdevice is not service eligible, where the providing the communicationdevice with the provisioning information is responsive to the seconddetermination. In one embodiment, the communication device 900 can,responsive to a second determination that the IMSI is included in thesubset of the group of IMSIs and that the communication device is one ofthe other communication devices that has received a reassignment of oneof the subset of the group of IMSIs, providing a registration request toa registration function for completing a registration process for thecommunication device that enables communication services at thecommunication device. In one embodiment, the provisioning informationenables reassignment of another IMSI from the group of IMSIs that is notincluded in the subset of the group of IMSIs, and where thecommunication device 900 can provide a registration request to aregistration function for completing a registration process for thecommunication device utilizing the other IMSI. In one embodiment, theregistration process for the communication device utilizing the otherIMSI is further based on a secret key that was previously associatedwith the IMSI prior to the reassignment of the other IMSI to thecommunication device.

Communication device 900 can include more or less than the componentsdescribed herein. For example, communication device 900 can comprise awireline and/or wireless transceiver 902 (herein transceiver 902), auser interface (UI) 904, a power supply 914, a location receiver 916, amotion sensor 918, an orientation sensor 920, and a controller 906 formanaging operations thereof. The transceiver 902 can support short-rangeor long-range wireless access technologies such as Bluetooth®, ZigBee®,WiFi, DECT, or cellular communication technologies, just to mention afew (Bluetooth® and ZigBee® are trademarks registered by the Bluetooth®Special Interest Group and the ZigBee® Alliance, respectively). Cellulartechnologies can include, for example, CDMA-1×, UMTS/HSDPA, GSM/GPRS,TDMA/EDGE, EV/DO, WiMAX, SDR, LTE, as well as other next generationwireless communication technologies as they arise. The transceiver 902can also be adapted to support circuit-switched wireline accesstechnologies (such as PSTN), packet-switched wireline accesstechnologies (such as TCP/IP, VoIP, etc.), and combinations thereof.

The UI 904 can include a depressible or touch-sensitive keypad 908 witha navigation mechanism such as a roller ball, a joystick, a mouse, or anavigation disk for manipulating operations of the communication device900. The keypad 908 can be an integral part of a housing assembly of thecommunication device 900 or an independent device operably coupledthereto by a tethered wireline interface (such as a USB cable) or awireless interface supporting for example Bluetooth®. The keypad 908 canrepresent a numeric keypad commonly used by phones, and/or a QWERTYkeypad with alphanumeric keys. The UI 904 can further include a display910 such as monochrome or color LCD (Liquid Crystal Display), OLED(Organic Light Emitting Diode) or other suitable display technology forconveying images to an end user of the communication device 900. In anembodiment where the display 910 is touch-sensitive, a portion or all ofthe keypad 908 can be presented by way of the display 910 withnavigation features.

The display 910 can use touch screen technology to also serve as a userinterface for detecting user input. As a touch screen display, thecommunication device 900 can be adapted to present a user interface withgraphical user interface (GUI) elements that can be selected by a userwith a touch of a finger. The touch screen display 910 can be equippedwith capacitive, resistive or other forms of sensing technology todetect how much surface area of a user's finger has been placed on aportion of the touch screen display. This sensing information can beused to control the manipulation of the GUI elements or other functionsof the user interface. The display 910 can be an integral part of thehousing assembly of the communication device 900 or an independentdevice communicatively coupled thereto by a tethered wireline interface(such as a cable) or a wireless interface.

The UI 904 can also include an audio system 912 that utilizes audiotechnology for conveying low volume audio (such as audio heard inproximity of a human ear) and high volume audio (such as speakerphonefor hands free operation). The audio system 912 can further include amicrophone for receiving audible signals of an end user. The audiosystem 912 can also be used for voice recognition applications. The UI904 can further include an image sensor 913 such as a charged coupleddevice (CCD) camera for capturing still or moving images.

The power supply 914 can utilize common power management technologiessuch as replaceable and rechargeable batteries, supply regulationtechnologies, and/or charging system technologies for supplying energyto the components of the communication device 900 to facilitatelong-range or short-range portable applications. Alternatively, or incombination, the charging system can utilize external power sources suchas DC power supplied over a physical interface such as a USB port orother suitable tethering technologies.

The location receiver 916 can utilize location technology such as aglobal positioning system (GPS) receiver capable of assisted GPS foridentifying a location of the communication device 900 based on signalsgenerated by a constellation of GPS satellites, which can be used forfacilitating location services such as navigation. The motion sensor 918can utilize motion sensing technology such as an accelerometer, agyroscope, or other suitable motion sensing technology to detect motionof the communication device 900 in three-dimensional space. Theorientation sensor 920 can utilize orientation sensing technology suchas a magnetometer to detect the orientation of the communication device900 (north, south, west, and east, as well as combined orientations indegrees, minutes, or other suitable orientation metrics).

The communication device 900 can use the transceiver 902 to alsodetermine a proximity to a cellular, WiFi, Bluetooth®, or other wirelessaccess points by sensing techniques such as utilizing a received signalstrength indicator (RSSI) and/or signal time of arrival (TOA) or time offlight (TOF) measurements. The controller 906 can utilize computingtechnologies such as a microprocessor, a digital signal processor (DSP),programmable gate arrays, application specific integrated circuits,and/or a video processor with associated storage memory such as Flash,ROM, RAM, SRAM, DRAM or other storage technologies for executingcomputer instructions, controlling, and processing data supplied by theaforementioned components of the communication device 900.

Other components not shown in FIG. 9 can be used in one or moreembodiments of the subject disclosure. For instance, the communicationdevice 900 can include a reset button (not shown). The reset button canbe used to reset the controller 906 of the communication device 900. Inyet another embodiment, the communication device 900 can also include afactory default setting button positioned, for example, below a smallhole in a housing assembly of the communication device 900 to force thecommunication device 900 to re-establish factory settings. In thisembodiment, a user can use a protruding object such as a pen or paperclip tip to reach into the hole and depress the default setting button.The communication device 900 can also include a slot for adding orremoving the UICC 975 (where it is not an embedded UICC). The UICC 975can be various types of UICCs and can be a Subscriber Identity Module(SIM) card. The UICC 975 can be used for identifying subscriberservices, executing programs, storing subscriber data, and so forth.

The communication device 900 as described herein can operate with moreor less of the circuit components shown in FIG. 9. These variantembodiments can be used in one or more embodiments of the subjectdisclosure.

The communication device 900 can be adapted to perform the functions ofthe devices of FIGS. 2-6 and 8 including communication devices 210, 410,810, as well as the identity proxy functions 250, 850, the identityprovisioning functions 350, 899 and other network components describedherein. It will be appreciated that the communication device 900 canalso represent other devices that can operate in systems 200 and 800. Inaddition, the controller 906 can be adapted in various embodiments toperform the functions 462 which enables management of the re-use ofIMSIs.

Upon reviewing the aforementioned embodiments, it would be evident to anartisan with ordinary skill in the art that said embodiments can bemodified, reduced, or enhanced without departing from the scope of theclaims described below. For example, other factors can be utilized todetermine whether an original device should receive an IMSI from thedesignated group of IMSIs (which has not yet been reassigned) or whetherthe original device should continue to utilize the original IMSI. Forinstance, even though the original IMSI may not yet have beenreassigned, the service provider may desire to reassign another IMSI(from the designated IMSI to be reassigned) such as to facilitatecategorizing devices and/or subscribers based on particular groupings ofIMSIs.

The exemplary embodiments have been described with respect to GSM andLTE networks 200, 800, respectively. However, the exemplary embodimentscan be utilized for managing use of IMSIs in various types of networks.For example in a Universal Mobile Telecommunications System (UMTS)network, IMSI management can be performed as described in the exemplaryembodiments by intercepting a registration request utilizing an identityproxy function (e.g., positioned between the BSS and the Serving GPRSSupport Node (SGSN)). In another example in a General Packet RadioService (GPRS) network, IMSI management can be performed as described inthe exemplary embodiments by intercepting a registration requestutilizing an identity proxy function.

In one or more embodiments, other steps or procedures can be implementedwhen an original device that has been flagged as inactive attempts toregister with the network. For example, when an original device whoseoriginal IMSI has been re-assigned to another device is detected duringa registration request, the network can limit interaction of theoriginal device with the network. For instance, the UICC of the originaldevice can be forced to use a default or bootstrap IMSI which haslimited functionality such as being limited to bootstrap functions(e.g., functions that enable communicating with the network foradministrative reasons including obtaining a reassigned IMSI), a pay forservice mode, and so forth. For instance, a pay for service mode can beimplemented by the default IMSI by allowing registration that enablesaccess to a webpage for selecting and paying for particularcommunication services, such as messaging, voice calls, and so forth. Inone embodiment, the default IMSI can be stored by the UICC in additionto the original IMSI. In one embodiment, the provisioning informationprovided to the UICC can cause the UICC to utilize the default IMSIinstead of the original IMSI. In another embodiment, the identityprovisioning function 350, 899 can provision the default IMSI to theoriginal device rather than provisioning an IMSI from the designatedgroup of IMSIs. The default or bootstrap IMSI can differ from anoriginal IMSI in that the original IMSI can be utilized by a device(e.g., a new device reassigned the original IMSI or the original devicethat is re-authorized to utilize the IMSI) for accessing a full range ofavailable services whereas the default or bootstrap IMSI does notprovide access to the full range of available services, although thedefault or bootstrap IMSI could provide access to a webpage for pay forservice mode. In one embodiment, a same default or bootstrap IMSI can beutilized by numerous devices that have been flagged as inactive.

In one or more embodiments, the intercepting of the IMSI and determiningwhether to allow registration to continue by the identity proxy function250, 850 prevents a failure or other error message from being generatedand/or from being provided to the communication device which could haveadverse effects on the communication device such as disabling OTAinterface of the communication device.

In one or more embodiments, the identity proxy function 250, 850 cancache or otherwise store last successful registration processes forparticular devices to utilize that information for determining whether adevice requesting registration is an original device or a new devicewith a reassigned IMSI. In one embodiment, the device identificationinformation (e.g., an IMEI) can be sourced by one or more other networkelements. Other embodiments can be used in the subject disclosure.

It should be understood that devices described in the exemplaryembodiments can be in communication with each other via various wirelessand/or wired methodologies. The methodologies can be links that aredescribed as coupled, connected and so forth, which can includeunidirectional and/or bidirectional communication over wireless pathsand/or wired paths that utilize one or more of various protocols ormethodologies, where the coupling and/or connection can be direct (e.g.,no intervening processing device) and/or indirect (e.g., an intermediaryprocessing device such as a router).

FIG. 10 illustrates a portion of a system 1000 that providescommunication services to end user devices or other devices, such ascommunication device 1010. System 1000 can be part of or combined withall or a portion of system 200 of FIG. 2, system 800 of FIG. 8 oranother network such as a GPRS or UMTS network. The communication device1010 can be various types of devices such as a mobile phone or otherdevices that utilize an IMSI for establishing communication services.The types of communication services can vary including voice services,video, data and/or messaging. System 1000 enables IMSI re-use by thesame or other communication devices through use of an identity proxyfunction 1050 (which can perform some or all of the functions describedwith respect to identity proxy functions 250, 850) and an identityprovisioning function 1099 (which can perform some or all of thefunctions described with respect to identity proxy functions 350, 899).System 1000 provides for registration of communication devices throughuse of a registration function 1060, such as an MSC/VLR and/or HLR in aGSM network or an MME and/or HSS in an LTE network.

System 1000 may or may not include intermediate network components inthe message exchange paths. In one embodiment, the communication device1010 can be reassigned an IMSI from a listing of designated IMSIs wherethe IMSI was previously associated with a different communication device(e.g., which has been flagged as an inactive device). In this example at1001, the identity provisioning function 1099 can receive a request, beinstructed or otherwise determine that an IMSI (in a list of designatedIMSIs) is to be reassigned to the communication device 1010. Thecommunication device 1010 can be a new device that needs an IMSI toprovide communication services or can be an existing device thatrequires another IMSI due to some other reason, such as having its ownIMSI reassigned to a different device.

At 1002, the identity provisioning function 1099 can notify theregistration function 1060 (e.g., the HLR 260 in system 200 of FIG. 2 orthe HSS 860 in system 800 of FIG. 8) that the communication device 1010is now associated with the particular reassigned IMSI. This can includedeleting an original IMSI assignment for the communication device 1010and/or adding the new IMSI assignment for the communication device 1010in a database, such as of the HLR 260 or the HSS 860. In one embodiment,this notification can cause the HLR 260 or HSS 860 to perform a databaseupdate such as re-mapping to particular HLR records, adjusting mappingwith respect to MSISDNs, adjusting an identification of availablecommunication services that the subscriber has requested or isauthorized to utilize, adjusting GPRS settings to allow the subscriberto access packet services, and so forth. By notifying the registrationfunction 1060 that the communication device 1010 is now associated withthe particular reassigned IMSI, the communication device 1010 can nowsuccessfully register with the network.

At 1003, the identity provisioning function 1099 can notify the identityproxy function 1050 that the communication device 1010 is now associatedwith the particular reassigned IMSI or can notify the identity proxyfunction that an IMSI in the listing of designated IMSIs has been movedto the subset of designated IMSIs due to reassignment to another device(with or without indicating the particular new device that has beenreassigned the IMSI). In one embodiment, the identity proxy function1050 can already be aware that the IMSI is part of the group of IMSIsdesignated for potential reassignment and can already be aware that anoriginal communication device associated with the particular IMSI hasbeen flagged as inactive. In this example, the identity proxy function1050 can switch a designation of the particular IMSI to being flagged aswithin the subset of the designated IMSIs that have already beenreassigned to another device (i.e., the communication device 1010 inthis example).

System 1000 also illustrates a successful registration of communicationdevice 1010 utilizing the reassigned IMSI from steps 1001-1003. Forexample at 1011, the communication device 1010 (which has beenreassigned the IMSI) can request registration with the network. Aregistration request including the reassigned IMSI can be received bythe registration function 1060 (e.g., an MSC/VLR in a GSM network or anMME in an LTE network). In one embodiment, the registration request canalso be received by the identity proxy function 1050. For instance, theregistration request can be intercepted or otherwise received by theidentity proxy function 1050 and then forwarded to the registrationfunction 1060. A registration process can be performed according to thereassigned IMSI and a secret key that is associated with thecommunication device 1010. The registration function 1060 can be awareof the secret key associated with the communication device 1010 and canbe aware of the reassigned IMSI that is now associated with thecommunication device. The registration process can be similar to theprocesses described herein with respect to GSM or LTE networks, such asa comparison of SRES in GSM or a comparison of RES in LTE. At 1012, asuccessful registration can be communicated to the communication device1010. The particular messaging that makes up the registration requestand the registration process can vary.

FIG. 11 illustrates a portion of a system 1100 that providescommunication services to end user devices, such as communication device1110. System 1100 can be part of or combined with all or a portion ofsystem 200 of FIG. 2, system 800 of FIG. 8, system 1000 of FIG. 10 oranother network such as a GPRS or UMTS network. The communication device1110 can be various types of devices such as a mobile phone or otherdevices that utilize an IMSI for establishing communication services.The types of communication services can vary including voice services,video, data and/or messaging. System 1100 enables IMSI re-use by thesame or other communication devices through use of an identity proxyfunction 1050 (which can perform some or all of the functions describedwith respect to identity proxy functions 250, 850) and an identityprovisioning function 1099 (which can perform some or all of thefunctions described with respect to identity proxy functions 350, 899).System 1100 provides for registration of communication devices throughuse of a registration function 1060, such as an MSC/VLR and/or HLR in aGSM network or an MME and/or HSS in an LTE network.

System 1100 may or may not include intermediate network components inthe message exchange paths. System 1100 illustrates an attemptedregistration by the communication device 1110 utilizing an IMSI that isincluded in the listing of designated IMSIs (e.g., where thecommunication device 1110 is an original device that has been flagged asinactive). For example at 1101, the communication device 1110 canrequest registration with the network. A registration request (e.g.,including an original IMSI that is among the listing of designated IMSIsfor reassignment or has already been reassigned to another device or anIMSI that is not on the designated list) can be received by theregistration function 1060 (e.g., an MSC/VLR in a GSM network or an MMEin an LTE network). In one embodiment, the registration request can alsobe received by the identity proxy function 1050. For instance, theregistration request can be intercepted or otherwise received by theidentity proxy function 1050 and then forwarded to the registrationfunction 1060. A registration process can be performed according to theoriginal IMSI and a secret key that is associated with the communicationdevice 1110. The registration function 1060 can be aware of the secretkey associated with the communication device 1110. The registrationprocess can be similar to the processes described herein with respect toGSM or LTE networks, such as a comparison of SRES in GSM or a comparisonof RES in LTE.

At 1102, a registration error can be generated by the registrationfunction 1060 (e.g., an authentication failure message generated by theMSC/VLR and/or HLR in GSM or by the MME and/or HSS in LTE) and can bereceived by the identity proxy function 1050 from the registrationfunction 1060. In this example, the identity proxy function 1050 canintercept the authentication error message prior to or otherwise toavoid it being received by the communication device 1110. The particularmessaging that makes up the registration request, the registrationprocess and/or the registration error can vary. In one embodiment, theidentity proxy function 1050 can determine that the registration erroris a valid failure for a device that should not be attempting to use theIMSI (such as a third device that is not the original device and is nota new device that has been reassigned the IMSI). For instance, anauthentication failure can be received for a device that is not theoriginal device and is not a new device that has been reassigned theIMSI. In this example, the identity proxy function 1050 can allow theerror process (e.g., an authentication failure messaging) to proceed. Inanother embodiment at 1103, a request for reassignment of another IMSIfrom the listing of the designated IMSIs or authorization to utilize theoriginal IMSI can be provided to the identity provisioning function 1099from the identity proxy function 1050. For instance, the identity proxyfunction 1050 can (e.g., in response to receiving the error message)compare the original IMSI associated with communication device 1110 tothe list of designated IMSIs and the subset of the designated IMSIs todetermine the status of the original IMSI (reassigned vs notreassigned). The identity proxy function 1050 can further determine theidentity of the communication device 1110 (original vs new device) basedon device identification information (e.g., an IMEI, GUTI and so forth).

In one embodiment, where the error message does not include any deviceidentification information and/or the IMSI, the identity proxy function1050 can ascertain the device identification information and/or IMSIfrom the registration request that was previously received orintercepted. For instance, when the identity proxy function 1050 detectsa registration error message (e.g., an AUTHENTICATION REJECT messagefrom an MME), the identity proxy function 1050 can detect within themessage addressing information, message ID information, correlation IDinformation, and so forth, and can further correlate the error messagewith the stored registration request previously intercepted. Thisenables the IMSI and/or device identification information (e.g., GUTI orIMEI) to be determined.

Continuing with this example and based on this information, reassignmentof another IMSI from the listing of the designated IMSIs orauthorization use of the original IMSI can be implemented. In oneembodiment, the identity provisioning function 1099 can notify the HLRor HSS that the user is valid and the HLR or HSS can perform a databaseupdate to enable a subsequent registration utilizing the reassigned IMSIby the device. In this example, the identity proxy function 1050 canalso take action, such as preventing forwarding of the failedregistration to the device, to cause the device to reattempt theregistration. In one embodiment, a determination of a subscriber'seligibility for services can be made. Eligibility for services can bebased on various factors such as suspension of services for non-paymentor other reasons, the device/UICC is no longer compatible with networkor services, and so forth. In another embodiment, a determination of acompatibility of service with a UICC of the communication device 1110can be made. One or both of these determinations can be part of decidingwhether to reassign another IMSI from the listing of the designatedIMSIs, to authorize use of the original IMSI, or to deny services to thecommunication device 1110. These determinations can be made by theidentity provisioning function 1099 or can be made by another networkelement.

If it is determined that an IMSI from the listing of designated IMSIs(which has not yet been reassigned) is to be reassigned to thecommunication device 1110, then at 1104 provisioning information can beprovided by the identity provisioning function 1099 to the registrationfunction 1060 which will enable the communication device to registerwith the network utilizing the reassigned IMSI in conjunction with anoriginal secret key that is associated with the communication device. Inone embodiment, if it is determined that the communication device 1110is to be permitted to reuse its original IMSI (where the original IMSIhas not yet been reassigned to another device), then provisioninginformation can be provided by the identity provisioning function 1099to the registration function 1060 which will enable the communicationdevice to register with the network utilizing the original IMSI inconjunction with the original secret key that is associated with thecommunication device.

If it is determined that a reassigned IMSI is to be provisioned to thecommunication device 1110, then at 1104 provisioning information can beprovided by the identity provisioning function 1099 to the communicationdevice 1110 which will include the reassigned IMSI. As an example, theidentity provisioning function 1099 can provide the reassigned IMSI tothe communication device 1110 utilizing an OTA interface according to anSMS protocol such as through use of a registration simulation platform(e.g., performing function similar to that of registration simulationplatform 675 in FIG. 6). In one embodiment, if it is determined that thecommunication device 1110 is not to be permitted to reuse its originalIMSI (e.g., another IMSI is to be reassigned or the communication device1110 is not eligible for services), then provisioning information can beprovided by the identity provisioning function 1099 to the communicationdevice 1110 to prevent the communication device from attempting toregister with the network utilizing the original IMSI. In oneembodiment, the identity provisioning function 1099 can furthercommunicate with various network elements (e.g., the identity proxyfunction 1050, HLR, HSS, EIR, and so forth) so that the network elementsare informed of the current state of IMSIs and/or communication devices.For example, if an original device is reassigned another IMSI or anoriginal device is nullified from using the original IMSI viaprovisioning information then the identity provisioning function 1099can remove the original IMSI (of that original device) from the listingof designated IMSIs. In these examples, the original IMSI can also thenbe assigned to another device (if not already reassigned).

At 1106 if another IMSI has been reassigned to the communication device1110 or reuse of the original IMSI has been authorized, then thecommunication device 1110 can re-register. For example, the provisioninginformation provided by the identity provisioning function 1099 to thecommunication device 1110 can cause the communication device to initiatea re-registration. The re-registration request can be received andprocessed by the registration function 1060 and based on theprovisioning procedures at steps 1104 and 1105, a successfulregistration message can be provided to the communication device 1110.

FIG. 12 depicts an illustrative embodiment of a method 1200 used bysystems 1000, 1100 for facilitating the re-use of IMSIs. One or more ofthe steps of method 1200 can be performed by the identity proxy function1050, the identity provisioning function 1099 and/or by other devicesdescribed in FIGS. 2-6 and 8-9. At 1202, an error message can bereceived that is associated with a communication device. For instance,the error message can result from a registration request that isgenerated by or caused to be generated by the communication deviceutilizing an IMSI that is part of the listing of designated IMSIs. As anexample in GSM, the identity proxy function 1050 can receive anauthentication failure message from a VLR. As another example in LTE,the identity proxy function 1050 can receive an authentication failuremessage from an MME. In one or more embodiments, the determination of anauthentication failure (e.g., by an HLR or HSS) can be based on an IMSIand secret key combination for a device that is flagged as inactive. Ifthere is no determination of an error (e.g., the IMSI is not included inthe listing of designated IMSIs or the IMSI has been reassigned to a newdevice and the registration request is from that new device) then method1200 can proceed to 1216 so that the registration process can becompleted which enables the communication device to obtain services viathe network.

At 1204, a screening of the IMSI can be performed by the identity proxyfunction 1050. For example, the identity proxy function 1050 candetermine whether the IMSI is included in the designated group of IMSIsand if so can further determine whether the IMSI is included in a subsetof the group which is further designated as having already beenreassigned to another communication device. If the IMSI is not part ofthe designated group of IMSIs then method 1200 can proceed to 1206 forthe authentication failure message to be delivered to the communicationdevice 1110. If on the other hand the IMSI is part of the designatedgroup of IMSIs then a determination can be made at 1206 as to whetherthe error message is for an original device that was associated with theIMSI (e.g., prior to being reassigned) or whether error message is forsome other device. The identification of the particular device can beperformed in a number of different ways, such as based on deviceidentification information (e.g., IMEI). In one embodiment, where theerror message does not include any device identification informationand/or the IMSI, the identity proxy function 1050 can ascertain thedevice identification information and/or IMSI from the registrationrequest that was previously received or intercepted. For instance, whenthe identity proxy function 1050 detects a registration error message(e.g., an AUTHENTICATION REJECT message from an MME), the identity proxyfunction 1050 can detect within the message addressing information,message ID information, correlation ID information, and so forth, andcan further correlate the error message with the stored registrationrequest previously intercepted. This enables the IMSI and/or deviceidentification information (e.g., GUTI or IMEI) to be determined.

If the error message is not for the original device (e.g., a device thatthe IMSI was previously associated with prior to being added to thelisting of designated IMSIs) then method 1200 can proceed to 1206 forthe authentication failure message to be delivered to the communicationdevice 1110. If on the other hand the error message is for the originaldevice then a determination can be made at 1210 as to whether thesubscriber of the original device is eligible for communicationservices. Eligibility for services can be based on various factors andcan be determined by various components or a combination of components,such as based on billing, device hardware requirements, device softwarerequirements, and so forth.

If the subscriber of the original device is not eligible forcommunication services then at 1212 provisioning information can beprovided to the original device (e.g., via OTA provisioning by theidentity provisioning function 1099 such as through use of theregistration simulation platform 675) that causes disabling the use ofthe original IMSI by the original device. In one embodiment, the IMSIcan then be removed from the listing of designated IMSIs.

If on the other hand the subscriber of the original device is eligiblefor communication services then at 1214 the original device can beauthorized to utilize the particular IMSI (e.g., if it is determinedthat the particular IMSI has not yet been reassigned) or the originaldevice can be provisioned, such as through use of the registrationsimulation platform 675, with another IMSI (e.g., if it is determinedthat the original IMSI has already been reassigned to another device)and registration of the device can be completed at 1216.

In one embodiment, the new IMSI reassigned to the original device can beselected from the listing of designated IMSI (which is not included inthe subset of IMSIs that has already been reassigned). In oneembodiment, the communication device 1110 can be instructed tore-register utilizing the new IMSI if one has been reassigned orutilizing the original IMSI if reuse of that original IMSI has beenauthorized.

While for purposes of simplicity of explanation, the respectiveprocesses are shown and described as a series of blocks in FIG. 12, itis to be understood and appreciated that the claimed subject matter isnot limited by the order of the blocks, as some blocks may occur indifferent orders and/or concurrently with other blocks from what isdepicted and described herein. Moreover, not all illustrated blocks maybe required to implement the methods described herein.

FIG. 13 illustrates a portion of a system 1300 that providescommunication services to end user devices or other devices, such ascommunication device 1310. System 1300 can be part of or combined withall or a portion of system 200 of FIG. 2, system 800 of FIG. 8, system1000 of FIG. 10, system 1100 of FIG. 11 or another network such as aGPRS or UMTS network. The communication device 1310 can be various typesof devices such as a mobile phone or other devices that utilize an IMSIfor establishing communication services. The types of communicationservices can vary including voice services, video, data and/ormessaging. System 1300 enables IMSI re-use by the same or othercommunication devices through use of an identity proxy function 1350(which can perform some or all of the functions described with respectto identity proxy functions 250, 850, 1050) and an identity provisioningfunction 1399 (which can perform some or all of the functions describedwith respect to identity proxy functions 350, 899, 1099). System 1300provides for registration of communication devices through use of aregistration function 1360, such as an MSC/VLR and/or HLR in a GSMnetwork or an MME and/or HSS in an LTE network, where an IMSI may or maynot be reassigned to the communication device via the identityprovisioning function 1399.

System 1300 may or may not include intermediate network components inthe message exchange paths. System 1300 illustrates an attemptedregistration by the communication device 1310 which has been flagged asinactive (e.g., services have been suspended, failure to register overthreshold time period, and so forth). The identity proxy function 1350facilitates registration of devices where the particular IMSI is abootstrap IMSI 1311 or an IMSI 1312 that the network does not want thecommunication device to utilize for registration, such as an IMSI thathas already been reassigned to another device. FIG. 13 illustrates bothof IMSIs 1311, 1312, but the communication device 1310 can have one orthe other of the IMSIs, such as stored in a UICC of the communicationdevice. In this embodiment, the identity proxy function 1350 canintercept or otherwise receive the IMSI, such as based on intercepting aregistration request (e.g., prior to the registration request beingprovided to an MSC/VLR and/or HLR in GSM as illustrated in FIG. 2 orprior to the registration request being provided to an MME and/or HSS inLTE as illustrated in FIG. 8). In another embodiment, the identity proxyfunction 1350 can intercept or otherwise receive the IMSI which isassociated with a registration error, such as an authentication failuremessage as illustrated in FIG. 11. A bootstrap IMSI 1311 can be an IMSIthat provides for limited functionality such as being limited tobootstrap functions (e.g., functions that enable communicating with thenetwork for administrative reasons including obtaining a reassignedIMSI), a pay for service mode, and so forth. For instance, a pay forservice mode can be implemented by the bootstrap IMSI 1311 by allowingregistration that enables access to a webpage for selecting and payingfor particular communication services, such as messaging, voice calls,and so forth. The bootstrap IMSI 1311 can differ from an original IMSI1312 in that the original IMSI can be utilized by a device (e.g., a newdevice reassigned the original IMSI or the original device that isre-authorized to utilize the IMSI) for accessing a full range ofavailable services whereas the default or bootstrap IMSI does notprovide access to the full range of available services, although thedefault or bootstrap IMSI could provide access to a webpage for pay forservice mode. In one embodiment, a same bootstrap IMSI 1311 can beutilized by numerous devices that have been flagged as inactive.

In one embodiment at 1301, the original device 1310 can requestregistration with the network where the identity proxy function 1350 candetermine whether or not the particular IMSI is part of a group ofdesignated IMSIs. In one embodiment, the group of designated IMSIs caninclude bootstrap IMSIs and/or IMSIs that the network does not wantutilized by the original devices (e.g., where the IMSI has already beenreassigned to another device). In one embodiment, bootstrap IMSIs can beIMSIs that provide for limited use by a communication device. Forinstance, the limited use of a bootstrap IMSI can include enablingcommunication with network element(s) for initiating or otherwisefacilitating a registration process and/or provisioning of another IMSIwithout enabling user communication services (e.g., voice, video, data,messaging) at the communication device utilizing the bootstrap IMSI.

In one embodiment, the identity proxy function 1350 can identify theparticular device requesting registration with the network. For example,device identification information (e.g., an IMEI or GUTI) can beobtained for the original device 1310, such as being received fromdevice 1310 (e.g., in the registration request) or obtained from anothernetwork element (e.g., from an Identification Request sent to the oldMME/SGSN to request the IMSI). As another example, if the IMSI has notyet been reassigned but is part of a group of IMSIs designated forpotential reassignment then the identity proxy function 1350 candetermine that the device requesting registration is the original device1310 that has been flagged as inactive. In another embodiment,identification of the device can be based on simulating a registrationprocess and forcing a generation of an SRES (in GSM) or RES (in LTE) bythe communication device 1310, as described herein.

In one embodiment, registration simulation platform 675 can be utilized(e.g., positioned between the communication device 1310 and the VLR inGSM or positioned between the communication device and the MME in LTE).As described herein, the simulating network can send an OTA message tothe device that can cause the modification of the device IMSI and cancause the device to perform a re-registration to the target network. Forexample, the simulating network can comprise a set of functionalelements that exist in the target network including an MSC/VLR, a MME, aHLR or HSS, an AUC, a SMSC, an OTA platform, a SGW, a PGW, an EIR and/orany combination thereof. In one embodiment, the registration simulationplatform 675 can simulate a registration of the communication device1310, identify the communication device from the secret key and/or fromother identification information (e.g., IMEI or GUTI) and/or can causethe communication device to change from the bootstrap IMSI 1311 to anactive IMSI via OTA.

In one embodiment, the identity proxy function 1350 and/or the identityproxy function 1399 can determine whether the original device 1310 iseligible for services. If the original device 1310 is not eligible forservices (e.g., suspension of services for non-payment or other reasons,device/UICC is no longer compatible with network or services, and soforth) then the identity proxy function 1350 can cause or otherwisefacilitate or enable provisioning information to be provided (e.g., viathe identity provisioning function 1399) to the original device 1310 tocause the original device to disable its use of an original IMSI 1312.In this example, the original IMSI 1312 can then be removed from thedesignated listing of IMSIs and can instead be included with other IMSIs(e.g., that have never been used before) that are eligible forassignment.

In one embodiment, if the communication device 1310 is eligible forservices then the identity provisioning function 1399 can implement areassignment of another IMSI 1313 (e.g., from a listing of IMSIs thatare designated for reassignment) for the device 1310. For example at1302, responsive to a determination that an IMSI reassignment iswarranted (e.g., a bootstrap IMSI is being utilized, the original IMSIhas already been reassigned to another device, and/or a subscriber ofthe original device 1310 is eligible for services) then the identityproxy function 1350 can provide a request to the identity provisioningfunction 1399 for the other IMSI 1313 or the determination can be madeby the identity provisioning function 1399. In one embodiment, theoriginal device 1310 can continue to utilize its original secret key(which is mapped to the original device by the network such as in an HLRor HSS). In one embodiment, the determination of eligibility forservices can be made by the identity provisioning function 1399 suchthat the identity proxy function 1350 automatically transmits therequest to the identity provisioning function 1399 for another IMSIresponsive to a determination that the IMSI is in the listing ofdesignated IMSIs and the identity provisioning function 1399 can approveor deny the request.

Continuing with this example at 1303, the identity provisioning function1399 can notify various network elements (e.g., the HLR 260, the AUC270, an EIR, the HSS 860, and/or a national SIM manager) that thecommunication device 1310 is now associated with the particularreassigned IMSI 1313. In one embodiment, this transmitting of networkprovisioning data can cause the HLR 260 or HSS 860 to delete (orotherwise note the change of) an original IMSI assignment for thecommunication device 1310 and/or add the new IMSI assignment for thecommunication device 1310 in its database. In one embodiment, thisnotification can cause the HLR 260 or the HSS 860 to perform a databaseupdate such as re-mapping to particular HLR records, adjusting mappingwith respect to MSISDNs, adjusting an identification of availablecommunication services that the subscriber has requested or isauthorized to utilize, adjusting GPRS settings to allow the subscriberto access packet services, and so forth. In one or more embodiments, theHLR 260 and/or the HSS 860 may or may not have information correspondingto the bootstrap IMSI 1311.

In one embodiment at 1304, the identity provisioning function 1399 canprovide provisioning information to the communication device 1310, suchas via an OTA interface (e.g., using an SMS protocol such as throughregistration simulation platform 675). The provisioning information cancause the UICC to be adjusted so that the reassigned IMSI 1313 is nowutilized by the communication device 1310 for communication services. At1305, the communication device 1310 can then attempt to re-registerutilizing the reassigned IMSI 1313. The identity proxy function 1350 canreceive the re-registration request for the communication device 1310,which now includes the reassigned IMSI 1313, and at 1306-1308 theregistration process (e.g., via the VLR 245 and the HLR 260 in system200 or via the MME 840 and the HSS 860 in LTE) can be completed based onthe reassigned IMSI 1313. In one or more embodiments, the identityprovisioning function 1399 can provision an NSM with the reassigned IMSI1313 for the original device where the secret key of the original deviceis already known. In another embodiment, the identity provisioningfunction 1399 can be integrated with equipment of the NSM. In oneembodiment, a billing system can detect the change in IMSI for the UICCand can provision some or all other network elements necessary forenabling call processing (e.g., HLR 260, AUC 270, MME 840 and/or HSS860). In one embodiment, the identity proxy function 1350 and/or theidentity provisioning function 1399 can provide instructions to thecommunication device 1310 that causes the communication device toinitiate a re-registration utilizing the re-assigned IMSI 1313.

FIG. 14 depicts an illustrative embodiment of a method 1400 used bysystem 1300 for facilitating the reassignment of IMSIs where a device isattempting to register utilizing a bootstrap IMSI or utilizing an IMSIthat the network does not want the device to continue to utilize. One ormore of the steps of method 1400 can be performed by the identity proxyfunction 1350, the identity provisioning function 1399 and/or by otherdevices described in FIGS. 2-6, 8-11 and 13. At 1402, an IMSI can bereceived that is associated with a communication device. For instance,the IMSI can be part of a registration request that is generated by orcaused to be generated by the communication device 1310 or can beassociated with an authentication failure caused by use of theparticular IMSI (e.g., the IMSI has been reassigned and theIMSI/original secret key combination is no longer valid and thus cannotbe authenticated). At 1404, a determination of the status of the ISMIcan be made. For example, the identity proxy function 1350 can determinewhether the IMSI is included in a designated group of IMSIs (e.g., abootstrap IMSI or an IMSI that the network does not want the device tocontinue to utilize). In one embodiment, if the IMSI is not part of thedesignated group of IMSIs then the registration process can be continuedby forwarding the registration request and/or IMSI to the registrationfunction 1360 (e.g., MSC/VLR in GSM or MME in LTE) to perform theregistration at 1406. If on the other hand the IMSI is part of thedesignated group of IMSIs then a determination can be made at 1408 as towhether the registration request is for an original device that wasassociated with the IMSI (e.g., prior to being reassigned) or whetherthe registration request is for another device (e.g., a new device thathas been reassigned the IMSI). The identification of the particulardevice can be performed in a number of different ways, such as based ondevice identification information (e.g., IMEI or GUTI), simulating aregistration process to force an SRES or RES generation by the devicefrom which the device identification can be determined, and so forth.

In one embodiment, if the registration request and the IMSI are from anew device that has been reassigned the IMSI then the registrationprocess can be continued by forwarding the registration request and/orIMSI to the MSC/VLR (in GSM) or the MME (in LTE) to perform theregistration at 1406. In another embodiment, if the registration requestand the IMSI are from another device that has not been authorized toutilize the IMSI (and which is not the original device associated withthat IMSI) then an authentication failure can be generated. In oneembodiment, provisioning information can be sent to that particularcommunication device which is not authorized to utilize the IMSI, wherethe provisioning information causes nullification of the use of thatparticular IMSI by the UICC of that particular communication device.

If on the other hand the registration request and the IMSI are from anoriginal device (e.g., a device that the IMSI was previously associatedwith prior to being added to the listing of designated IMSIs) then adetermination can be made at 1410 as to whether the subscriber of theoriginal device is eligible for communication services. Eligibility forservices can be based on various factors and can be determined byvarious components or a combination of components, such as based onbilling, device hardware requirements, device software requirements,user requests, and so forth. In one embodiment, if the subscriber of theoriginal device is not eligible for communication services then at 1412provisioning information can be provided to the original device (e.g.,via OTA provisioning by the identity provisioning function 1399 such asthrough use of registration simulation platform 675) that causesdisabling the use of the particular IMSI by the original device (e.g.,where the IMSI is not bootstrap IMSI 1311 but rather is original IMSI1312). In one embodiment, if the IMSI 1312 has not already beenreassigned and the IMSI 1312 is not to be utilized by the communicationdevice 1310 then it can be removed from the listing of designated IMSIsto be provided to another communication device.

If on the other hand the subscriber of the original device is eligiblefor communication services then at 1414 the original device can beauthorized to utilize the particular IMSI (e.g., if it is determinedthat the particular IMSI has not yet been reassigned) or the originaldevice can be provisioned (e.g., utilizing registration simulationplatform 675) with another IMSI (e.g., if it is determined that theoriginal IMSI has already been reassigned to another device or if theIMSI is the bootstrap IMSI 1311). In one embodiment, the new IMSI 1313that is reassigned to the original device 1310 can be selected from alisting of designated IMSI that are to be reassigned to devices. Method1400 can then proceed to 1406 where the registration process iscompleted, such as by forwarding instructions to the communicationdevice 1310 to cause a re-registration. In one embodiment, if theoriginal device 1310 is utilizing the bootstrap IMSI 1311 andeligibility for services is approved then a new IMSI or the originalIMSI 1312 will need to be utilized by the original device to accessservices since the bootstrap IMSI does not provide direct access to theservices.

While for purposes of simplicity of explanation, the respectiveprocesses are shown and described as a series of blocks in FIG. 14, itis to be understood and appreciated that the claimed subject matter isnot limited by the order of the blocks, as some blocks may occur indifferent orders and/or concurrently with other blocks from what isdepicted and described herein. Moreover, not all illustrated blocks maybe required to implement the methods described herein.

In one or more embodiments, eligibility for services can be determinedaccording to a viability of the UICC, such as whether the UICC cancomply with requirements of the network (e.g., it can perform certainsecurity functions, provide certain notifications requested by thenetwork, and/or can facilitate certain communication services). In oneembodiment, if it is determined that the UICC is not viable or otherwiseis incompatible with the network then the subscriber of the originaldevice can be provided with a request to upgrade the UICC (which may ormay not utilize the same IMSI), such as forwarding a message includingan offer to the original device. In one embodiment, confirmation that aparticular IMSI is no longer being utilized by a communication devicecan result in that particular IMSI being removed from the listing ofdesignated IMSIs. One or more of the determinations described withrespect to any of the exemplary embodiments can be made by the identityproxy function 1350, the identity provisioning function 1399, or anothernetwork device.

In one or more embodiments, the communication device 1310 can have botha bootstrap IMSI 1311 and an original IMSI 1312 (e.g., stored in theUICC). In one embodiment, the communication device 1310 or the UICC canswitch from utilizing the original IMSI 1312 to utilizing the bootstrapIMSI 1311 responsive to detecting a triggering event. For example, acommunication device 1310 can monitor for a time period from a lastsuccessful registration of the communication device utilizing theoriginal IMSI 1312. If the time period exceeds a particular threshold(e.g., six months) then the communication device and/or the UICC canswitch to utilizing the bootstrap IMSI 1311.

In one or more embodiments, the communication device 1310 can beprovisioned with the bootstrap IMSI 1311 and may or may not continue tostore and/or utilize the original IMSI 1312 (e.g., stored in the UICC).For example, bootstrap IMSIs can be provisioned to all or some devicesvia the identity provisioning function 1399 utilizing an OTA interface,such as via SMS or HTTP-based protocol (e.g., through use ofregistration simulation platform 675). In one embodiment, particularcommunication devices can be selected for receiving bootstrap IMSIsbased on various criteria, such as based on older devices that arepredicted to be going offline in the near future, subscriber billinghistory, and so forth.

In one or more embodiments, the communication device 1310 can beprovisioned with a bootstrap IMSI 1311 at the time that the devicereceives its IMSI such as a reassigned IMSI 1313. In one or moreembodiments, the group of designated IMSIs can include a first subset ofIMSIs designated for limited use (e.g., bootstrap IMSIs), a secondsubset of IMSIs designated as having been reassigned to othercommunication devices, and/or a third subset of IMSIs designated forpotential reassignment but that have not yet been reassigned to othercommunication devices.

In one or more embodiments, the bootstrap IMSI 1311 can be utilized forproviding a subscriber with an option to obtain a reassigned IMSI (e.g.,via OTA provisioning by the identity provisioning function 1399 such asby utilizing registration simulation platform 675) and/or to obtain payfor services, such as access to a website that allows purchasingparticular services for particular lengths of times, and so forth. Inone embodiment, the same bootstrap IMSI can be utilized for multipledevice. In another embodiment, different bootstrap IMSIs can be utilizedfor different devices.

FIG. 15 illustrates a portion of a system 1500 that providescommunication services to end user devices or other devices, such ascommunication devices 1510-1510 n. System 1500 can be part of orcombined with all or a portion of system 200 of FIG. 2, system 1000 ofFIG. 10, system 1100 of FIG. 11, system 1300 of FIG. 13, or anothernetwork such as an EPS, GPRS or UMTS network. The communication devices1510-1510 n can be various types of devices such as an M2M device, anIoT device, a smart appliance, a utility meter, a fixed device, a mobiledevice, a vehicle communication system, or other devices that utilize anIMSI for establishing communication services. The types of communicationservices can vary including voice services, video, data and/ormessaging. System 1500 enables the same IMSI to be utilized by more thanone communication device such as through use of a steering function inconjunction with unique device identifiers. System 1500 provides forregistration of communication devices through use of a registrationfunction, such as an MSC/VLR and/or HLR in a GSM network.

System 1500 may or may not include intermediate network components inthe message exchange paths. System 1500 illustrates a registration by acommunication device 1510 utilizing an IMSI that is shared with one ormore other communication devices (illustrated as 1510 n). Each of thecommunication devices 1510-1510 n can have unique device identificationinformation (e.g., an IMEI, eUICC platform ID, MAC address, and soforth) and can also utilize their own secret keys for initiating and/orperforming the registration process (e.g., generating an SRES).

In one embodiment at 1501, a first communication device 1510 can requestregistration with the network where the registration request is receivedby the MSC/VLR 1545. In this embodiment the MSC and VLR are shown as onedevice but in another embodiment could also be separate devices. In oneembodiment, the first communication device 1510 can send both an IMSIand a unique device identifier (e.g., an IMEI) to the MSC/VLR 1545. Inanother embodiment, this unique device identifier can be identificationassociated with an eUICC. In another embodiment, a location updatemessage can be utilized for delivering this information to the MSC/VLR1545. Other techniques for obtaining the unique device identifier canalso be employed by system 1500, including use of registrationsimulation platform 675 of FIG. 6. In one embodiment, the MSC/VLR 1545can store the IMSI and the device identifier (e.g., indexed to eachother), and can use them to uniquely identify the first communicationdevice 1510 (against one or more other communication devices 1510 n thatmay attempt to register utilizing the same IMSI but would have differentdevice identifiers). In one embodiment, the MSC/VLR 1545 can have thecapability of distinguishing between a set of IMSI instances using theIMSI and a unique device identifier.

In one embodiment, the MSC/VLR 1545 can generate an authenticationrequest directed to an HLR 260, such as using (or otherwise including)both the IMSI and the device identifier. In one embodiment, a steeringfunction 1575 can intercept the authentication request and at 1502 cansteer it or otherwise transmit it to an HLR based on network policiesfor the IMSI and device identifier combination. In one embodiment, thesteering function 1575 can be integrated with the MSC/VLR 1545. Inanother embodiment, the steering function 1575 can be a separate device,such as interfacing with the MSC/VLR 1545 via a Diameter Routing Agent.As an example and as illustrated in FIG. 15, multiple HLRs 260 can beutilized where each HLR contains a single instance of a shared IMSI. Inthis example, the steering function 1575 can determine the appropriateHLR for receiving the authentication request according to the IMSI andthe device identifier. Continuing with this example, the HLR 260 may notneed to utilize (and/or know) the unique device identifier since it onlyhas one instance of the IMSI and can rely on that IMSI for its databaselookup. In another embodiment, a single HLR 260 can be used for sharedIMSIs, where the single HLR has the capability of distinguishingcommunication devices based on an IMSI and a mapping to a unique deviceidentifier as shown in the example of stored data at the HLR shown inFIG. 16.

In one or more embodiments, the combination of IMSI and deviceidentifier would be known by the MSC/VLR 1545, the steering function1575 and/or the HLR 260 (e.g., where a single HLR is being utilized)prior to an attempt at registration. Once the HLR 260 receives theauthentication request, the target HLR can provide authenticationtriplets to the MSC/VLR 1545 based on the IMSI (e.g., where multipleHLRs are being utilized that each have only one instance of the IMSI)and/or based on the combination of IMSI and unique device identifier(e.g., where a single HLR is being utilized that has multiple instancesof the IMSI that are each indexed by a different unique deviceidentifier). In one embodiment, the HLR 260 can communicate with the AUC270 for obtaining the authentication triplets. The MSC/VLR 1545 canreceive the authentication triplets from the HLR 260 and can initiatethe authentication procedure with the first communication device 1510.In one embodiment once authentication is successful, the MSC/VLR 1545can assign a unique temporary ID, such as a P-TMSI, to the firstcommunication device 1510. This unique temporary ID can allow each ofthe communication devices 1510-1510 n using the shared IMSI to be pagedon its own.

In one embodiment, system 1500 can operate without utilizing theregistration simulation platform 675 (e.g., illustrated in FIG. 6). Inanother embodiment, system 1500 can operate without utilizing theidentity proxy function 250 (e.g., illustrated in FIGS. 2 and 6)positioned between the MSC/VLR 1545 and the communication device 1510.In one embodiment, the functionality of the MSC/VLR 1545 and/or the HLR260 can be adjusted so that IMSI use by different devices can bedistinguished according to unique device identifiers (e.g., an IMEI). Inone embodiment, the combination of the IMSI and the unique deviceidentifier is known and stored by various network elements (e.g., one ormore of the MSC/VLR 1545, the steering function 1575, the HLR 260 and soforth) such as prior to any registration attempt. In one or moreembodiments, system 1500 can utilize an identity provisioning function1599 to provide various network elements (e.g., one or more of theMSC/VLR 1545, the steering function 1575, the HLR 260 and so forth) withnetwork provisioning data such as combinations of IMSIs and uniquedevice identifiers.

FIG. 17 illustrates a portion of a system 1700 that providescommunication services to end user devices or other devices, such ascommunication devices 1510-1510 n. System 1700 can be part of orcombined with all or a portion of system 800 of FIG. 8, system 1000 ofFIG. 10, system 1100 of FIG. 11, system 1300 of FIG. 13, or anothernetwork such as an EPS, GPRS or UMTS network. System 1700 can operatesimilar to system 1500 but can utilize protocols and componentsassociated with LTE communications. The communication devices 1510-1510n can be various types of devices such as an M2M device, an Iot device,a smart appliance, a utility meter, a fixed device, a mobile device, avehicle communication system, or other devices that utilize an IMSI forestablishing communication services. The types of communication servicescan vary including voice services, video, data and/or messaging. System1700 enables the same IMSI to be utilized by more than one communicationdevice such as through use of the steering function 1575 in conjunctionwith unique device identifiers. System 1700 provides for registration ofcommunication devices through use of a registration function, such as anMME and/or HSS in an LTE network. System 1700 may or may not includeintermediate network components in the message exchange paths. System1700 illustrates a registration by a communication device 1510 utilizingan IMSI that is shared with one or more other communication devices(illustrated as 1510 n). Each of the communication devices 1510-1510 ncan have unique device identification information, such as a GUTI, andcan also utilize their own secret keys for initiating and/or performingthe registration process.

In one embodiment at 1701, a first communication device 1510 can requestregistration with the network where the registration request is receivedby the MME 1740. In one embodiment, the first communication device 1510can send both an IMSI and a unique device identifier (e.g., an GUTI) tothe MME 1740, such as during an initial Attach procedure. In oneembodiment, this unique device identifier can be an eUICC platform ID.In another embodiment, multiple messages (Attach Request (IMSI) andIdentify Response (GUTI)) can be utilized for delivering thisinformation from the communication device 1510 to the MME 1740.Although, any number of messages can be utilized for obtaining the ISMIand unique device identification, such as a single message or two ormore messages. Other techniques can be utilized for obtaining the uniquedevice identification, such as an Identification Request sent to an oldMME/SGSN and/or use of registration simulation platform 675 of FIG. 6for forcing a RES generation. In one embodiment, the MME 1740 can storethe IMSI and the device identifier together (e.g., mapped to eachother), and can use them to uniquely identify the first communicationdevice 1510 (against one or more other communication devices 1510 n thatmay attempt to register utilizing the same IMSI but with differentdevice identifiers). In one embodiment, the MME 1740 can have thecapability of distinguishing between a set of IMSI instances using theIMSI and a unique device identifier.

In one embodiment, the MME 1740 can generate an authentication requestdirected to an HSS 860, such as using (or otherwise including) both theIMSI and the device identifier. In one embodiment, the steering function1575 can intercept the authentication request and at 1702 can steer itor otherwise transmit it to an HSS based on policies for the IMSI anddevice identifier combination. In one embodiment, the steering function1575 can be integrated with the MME 1740. In another embodiment, thesteering function 1575 can be a separate device, such as interfacingwith the MME 1740 via a Diameter Routing Agent. As an example and asillustrated in FIG. 17, multiple HSSs 860 can be utilized where each HSScontains a single instance of a shared IMSI. In this example, thesteering function 1575 can determine the appropriate HSS for receivingthe authentication request according to the IMSI and device identifier.Continuing with this example, the HSS 860 may not need to utilize(and/or know) the unique device identifier since it only has oneinstance of the IMSI and can rely on that IMSI. In another embodiment, asingle HSS 860 can be used for shared IMSIs, where the single HSS hasthe capability of distinguishing communication devices based on IMSI anda mapping to a unique device identifier (similar to the example ofstored data shown in FIG. 16).

In one or more embodiments, the combination of IMSI and deviceidentifier would be known by the MME 1740, the steering function 1575and/or the HSS 860 (e.g., where a single HSS is being utilized), such asprior to an attempt at registration. Once the HSS 860 receives theauthentication request, the target HSS can provide authenticationvectors to the MME 1740 based on the IMSI (e.g., where multiple HSSs arebeing utilized that each have only one instance of the IMSI) and/orbased on the combination of IMSI and unique device identifier (e.g.,where a single HSS is being utilized that has multiple instances of theIMSI that are each indexed by a unique device identifier). The MME 1740can receive the authentication vectors from the HSS 860 and can initiatethe authentication procedure with the first communication device 1510.In one embodiment once authentication is successful, the MME 1740 canassign a unique temporary ID, such as a P-TMSI or GUIT, to the firstcommunication device 1510. This unique temporary ID can allow each ofthe communication devices 1510-1510 n using the shared IMSI to be pagedon its own or to otherwise facilitate network services. For instance theunique temporary ID can be assigned to the first communication device1510 after a successful authentication or at some other time during orafter registration.

In one embodiment, system 1700 can operate without utilizing theregistration simulation platform 675. In another embodiment, system 1700can operate without utilizing the identity proxy function 850 positionedbetween the MME 1740 and the communication device 1510. In oneembodiment, the functionality of the MME 1740 and/or the HSS 860 can beadjusted so that IMSI use by different devices can be distinguishedaccording to unique device identifiers (e.g., a GUTI). In oneembodiment, the combination of the IMSI and the unique device identifieris known and stored by various network elements (e.g., one or more ofthe MME 1740, the steering function 1575, the HSS 860 and so forth) suchas prior to any registration attempt. In one or more embodiments, system1700 can utilize an identity provisioning function 1599 to providevarious network elements (e.g., one or more of the MME 1740, thesteering function 1575, the HSS 860 and so forth) with networkprovisioning data such as combinations of IMSIs and unique deviceidentifiers.

FIG. 18 depicts an illustrative embodiment of a method 1800 used bysystems 1500 and/or 1700 for facilitating the use of a same IMSI by morethan one communication device. One or more of the steps of method 1800can be performed by various network elements, such as a steeringfunction, a registration function, a VLR, an HLR, an MME, an HSS, and/orby other devices described in FIGS. 2-6, 8-11, 13, 15 and 17. At 1802,an IMSI can be received that is associated with a first communicationdevice attempting to register with a network, where the IMSI has beenassigned to one or more other communication devices which may or may notbe registered with that network. The one or more other communicationdevices can be located remoted from the first communication deviceand/or can be located in proximity thereto, such as at the samepremises. In one embodiment, the IMSI can be shared by communicationdevices associated with the same subscriber. In another embodiment, theIMSI can be shared by communication devices of a same type (e.g. a smartmeter) which may or may not be associated with the same subscriber andwhich may or may not be located in proximity or at the same premises. Inone embodiment, HLRs and/or HSSs can be established per subscriberand/or per groups of subscribers. In another embodiment, HLRs and/orHSSs can be established per premises, per groups of premises and/or pergeographic locations. In another embodiment, the HLRs and/or HSSs can beestablished according to device types (e.g. a smart meter) which may ormay not be associated with the same subscriber and which may or may notbe located in proximity or at the same premises.

For instance, the IMSI can be part of a registration request that isgenerated by or caused to be generated by the communication device 1510.At 1804, a determination of the status of the ISMI can be made. Forexample, a VLR or MME can determine that the IMSI is included in adesignated group of IMSIs that are shared by multiple devices. In oneembodiment, if the IMSI is not part of the designated group of IMSIsthen the registration process can be continued (with or withoutobtaining unique device identification information for the device) byforwarding the registration request and/or IMSI to the registrationfunction to perform the registration at 1806. If on the other hand theIMSI is part of the designated group of IMSIs then a determination of anidentity of the particular device requesting registration can beperformed. For example, the identification of the particular device canbe performed in a number of different ways, such as by receiving orrequesting device identification information (e.g., IMEI or GUTI)including via an Attach Request and/or Identify Response in an EPSsystem, simulating a registration process to force an SRES or RESgeneration by the device from which the device identification can bedetermined, and so forth.

In one embodiment at 1808 where multiple registration functions arebeing utilized that each include only one instance of the IMSI, aselection of a first registration function from among a group ofregistration functions according to the device identificationinformation can be performed. For instance, the group of registrationfunctions (e.g., HLRs or HSSs) can store subscriber informationincluding IMSIs that are indexed to device identifications. At 1810, anauthentication request can be transmitted to the selected firstregistration function (without being transmitted to any of the otherregistration functions), where the first registration function storesfirst subscriber information including the IMSI that is indexed to thefirst communication device and where a second registration function ofthe group of registration functions stores second subscriber informationincluding the single IMSI that is indexed to the second communicationdevice. In this example, the second registration function does not storethe first subscriber information and the first registration functiondoes not store the second subscriber information. The transmitting ofthe authentication request to the first registration function can enablethe first communication device to complete a registration process. Theuse of the same IMSI for more than one device as described with respectto FIGS. 15-18 can also be utilized with one or more features describedwith respect to other embodiments herein, such as OTA provisioningutilizing a registration simulation, bootstrap IMSIs for enablingprovisioning of a same IMSI to more than one device, disabling devicesfrom utilizing a shared IMSI such as for suspension of services, and soforth. In one or more embodiments, an identity proxy function and/or anidentity provisioning function can be used in conjunction with thesteering function 1575 for enabling various features described withrespect to the embodiments of FIGS. 2-14. In one embodiment, othertechniques can be employed that enable OTA interfacing with devices,such as special registration. For example, National Identity Register(NIR) equipment can register devices as warm devices (i.e., providinglimited services for non-customers) that allow OTA (e.g. via SMSprotocol) to occur. In one or more embodiments, the provisioning of thenew IMSI can be performed by utilizing a limited registration thatresults in the device being a warm device while the IMSI is beingprovisioned via OTA to that device. In one embodiment, a simulatedregistration can be performed by a registration simulation platform suchas using an original IMSI (without being performed by the registrationfunction) and a second registration can be performed by the registrationfunction using a new IMSI (without being performed by the registrationsimulation platform).

FIG. 19 depicts an exemplary diagrammatic representation of a machine inthe form of a computer system 1900 within which a set of instructions,when executed, may cause the machine to perform any one or more of themethods described above. One or more instances of the machine canoperate, for example, as the identity proxy functions 250, 850, 1050,1350, the identity provisioning functions 350, 899, 1099, 1399, 1599,the steering functions 1599, and/or other network elements (e.g.,MSC/VLR, HLR, MME, HSS) or end user devices for facilitating the use ofthe same IMSI by multiple devices, intercepting authentication requests,determining a particular device that is utilizing a shared IMSI,intercepting other messages such as registration requests or errormessages, determining identities of devices, and/or managing the use andreassignment of the IMSIs, including through the use of a bootstrapIMSI, and so forth. In some embodiments, the machine may be connected(e.g., using a network 1926) to other machines. In a networkeddeployment, the machine may operate in the capacity of a server or aclient user machine in a server-client user network environment, or as apeer machine in a peer-to-peer (or distributed) network environment.

The machine may comprise a server computer, a client user computer, apersonal computer (PC), a tablet, a smart phone, a laptop computer, adesktop computer, a control system, a network router, switch or bridge,or any machine capable of executing a set of instructions (sequential orotherwise) that specify actions to be taken by that machine. It will beunderstood that a communication device of the subject disclosureincludes broadly any electronic device that provides voice, video ordata communication. Further, while a single machine is illustrated, theterm “machine” shall also be taken to include any collection of machinesthat individually or jointly execute a set (or multiple sets) ofinstructions to perform any one or more of the methods discussed herein.

The computer system 1900 may include a processor (or controller) 1902(e.g., a central processing unit (CPU)), a graphics processing unit(GPU, or both), a main memory 1904 and a static memory 1906, whichcommunicate with each other via a bus 1908. The computer system 1900 mayfurther include a display unit 1910 (e.g., a liquid crystal display(LCD), a flat panel, or a solid state display). The computer system 1900may include an input device 1912 (e.g., a keyboard), a cursor controldevice 1914 (e.g., a mouse), a disk drive unit 1916, a signal generationdevice 1918 (e.g., a speaker or remote control) and a network interfacedevice 1920. In distributed environments, the embodiments described inthe subject disclosure can be adapted to utilize multiple display units1910 controlled by two or more computer systems 1900. In thisconfiguration, presentations described by the subject disclosure may inpart be shown in a first of the display units 1910, while the remainingportion is presented in a second of the display units 1910.

The disk drive unit 1916 may include a tangible computer-readablestorage medium 1922 on which is stored one or more sets of instructions(e.g., software 1924) embodying any one or more of the methods orfunctions described herein, including those methods illustrated above.The instructions 1924 may also reside, completely or at least partially,within the main memory 1904, the static memory 1906, and/or within theprocessor 1902 during execution thereof by the computer system 1900. Themain memory 1904 and the processor 1902 also may constitute tangiblecomputer-readable storage media.

Dedicated hardware implementations including, but not limited to,application specific integrated circuits, programmable logic arrays andother hardware devices can likewise be constructed to implement themethods described herein. Application specific integrated circuits andprogrammable logic array can use downloadable instructions for executingstate machines and/or circuit configurations to implement embodiments ofthe subject disclosure. Applications that may include the apparatus andsystems of various embodiments broadly include a variety of electronicand computer systems. Some embodiments implement functions in two ormore specific interconnected hardware modules or devices with relatedcontrol and data signals communicated between and through the modules,or as portions of an application-specific integrated circuit. Thus, theexample system is applicable to software, firmware, and hardwareimplementations.

In accordance with various embodiments of the subject disclosure, theoperations or methods described herein are intended for operation assoftware programs or instructions running on or executed by a computerprocessor or other computing device, and which may include other formsof instructions manifested as a state machine implemented with logiccomponents in an application specific integrated circuit or fieldprogrammable gate array. Furthermore, software implementations (e.g.,software programs, instructions, etc.) including, but not limited to,distributed processing or component/object distributed processing,parallel processing, or virtual machine processing can also beconstructed to implement the methods described herein. Distributedprocessing environments can include multiple processors in a singlemachine, single processors in multiple machines, and/or multipleprocessors in multiple machines. It is further noted that a computingdevice such as a processor, a controller, a state machine or othersuitable device for executing instructions to perform operations ormethods may perform such operations directly or indirectly by way of oneor more intermediate devices directed by the computing device.

While the tangible computer-readable storage medium 1922 is shown in anexample embodiment to be a single medium, the term “tangiblecomputer-readable storage medium” should be taken to include a singlemedium or multiple media (e.g., a centralized or distributed database,and/or associated caches and servers) that store the one or more sets ofinstructions. The term “tangible computer-readable storage medium” shallalso be taken to include any non-transitory medium that is capable ofstoring or encoding a set of instructions for execution by the machineand that cause the machine to perform any one or more of the methods ofthe subject disclosure. The term “non-transitory” as in a non-transitorycomputer-readable storage includes without limitation memories, drives,devices and anything tangible but not a signal per se.

The term “tangible computer-readable storage medium” shall accordinglybe taken to include, but not be limited to: solid-state memories such asa memory card or other package that houses one or more read-only(non-volatile) memories, random access memories, or other re-writable(volatile) memories, a magneto-optical or optical medium such as a diskor tape, or other tangible media which can be used to store information.Accordingly, the disclosure is considered to include any one or more ofa tangible computer-readable storage medium, as listed herein andincluding art-recognized equivalents and successor media, in which thesoftware implementations herein are stored.

Although the present specification describes components and functionsimplemented in the embodiments with reference to particular standardsand protocols, the disclosure is not limited to such standards andprotocols. Each of the standards for Internet and other packet switchednetwork transmission (e.g., TCP/IP, UDP/IP, HTML, HTTP) representexamples of the state of the art. Such standards are from time-to-timesuperseded by faster or more efficient equivalents having essentiallythe same functions. Wireless standards for device detection (e.g.,RFID), short-range communications (e.g., Bluetooth®, WiFi, Zigbee®), andlong-range communications (e.g., WiMAX, GSM, CDMA, LTE) can be used bycomputer system 1900. In one or more embodiments, information regardinguse of services can be generated including services being accessed,media consumption history, user preferences, and so forth. Thisinformation can be obtained by various methods including user input,detecting types of communications (e.g., video content vs. audiocontent), analysis of content streams, and so forth. The generating,obtaining and/or monitoring of this information can be responsive to anauthorization provided by the user. In one or more embodiments, ananalysis of data can be subject to authorization from user(s) associatedwith the data, such as an opt-in, an opt-out, acknowledgementrequirements, notifications, selective authorization based on types ofdata, and so forth.

The illustrations of embodiments described herein are intended toprovide a general understanding of the structure of various embodiments,and they are not intended to serve as a complete description of all theelements and features of apparatus and systems that might make use ofthe structures described herein. Many other embodiments will be apparentto those of skill in the art upon reviewing the above description. Theexemplary embodiments can include combinations of features and/or stepsfrom multiple embodiments. Other embodiments may be utilized and derivedtherefrom, such that structural and logical substitutions and changesmay be made without departing from the scope of this disclosure. Figuresare also merely representational and may not be drawn to scale. Certainproportions thereof may be exaggerated, while others may be minimized.Accordingly, the specification and drawings are to be regarded in anillustrative rather than a restrictive sense.

Although specific embodiments have been illustrated and describedherein, it should be appreciated that any arrangement which achieves thesame or similar purpose may be substituted for the embodiments describedor shown by the subject disclosure. The subject disclosure is intendedto cover any and all adaptations or variations of various embodiments.Combinations of the above embodiments, and other embodiments notspecifically described herein, can be used in the subject disclosure.For instance, one or more features from one or more embodiments can becombined with one or more features of one or more other embodiments. Inone or more embodiments, features that are positively recited can alsobe negatively recited and excluded from the embodiment with or withoutreplacement by another structural and/or functional feature. The stepsor functions described with respect to the embodiments of the subjectdisclosure can be performed in any order. The steps or functionsdescribed with respect to the embodiments of the subject disclosure canbe performed alone or in combination with other steps or functions ofthe subject disclosure, as well as from other embodiments or from othersteps that have not been described in the subject disclosure. Further,more than or less than all of the features described with respect to anembodiment can also be utilized.

Less than all of the steps or functions described with respect to theexemplary processes or methods can also be performed in one or more ofthe exemplary embodiments. Further, the use of numerical terms todescribe a device, component, step or function, such as first, second,third, and so forth, is not intended to describe an order or functionunless expressly stated so. The use of the terms first, second, thirdand so forth, is generally to distinguish between devices, components,steps or functions unless expressly stated otherwise. Additionally, oneor more devices or components described with respect to the exemplaryembodiments can facilitate one or more functions, where the facilitating(e.g., facilitating access or facilitating establishing a connection)can include less than every step needed to perform the function or caninclude all of the steps needed to perform the function.

In one or more embodiments, a processor (which can include a controlleror circuit) has been described that performs various functions. Itshould be understood that the processor can be multiple processors,which can include distributed processors or parallel processors in asingle machine or multiple machines. The processor can be used insupporting a virtual processing environment. The virtual processingenvironment may support one or more virtual machines representingcomputers, servers, or other computing devices. In such virtualmachines, components such as microprocessors and storage devices may bevirtualized or logically represented. The processor can include a statemachine, application specific integrated circuit, and/or programmablegate array including a Field PGA. In one or more embodiments, when aprocessor executes instructions to perform “operations”, this caninclude the processor performing the operations directly and/orfacilitating, directing, or cooperating with another device or componentto perform the operations.

The Abstract of the Disclosure is provided with the understanding thatit will not be used to interpret or limit the scope or meaning of theclaims. In addition, in the foregoing Detailed Description, it can beseen that various features are grouped together in a single embodimentfor the purpose of streamlining the disclosure. This method ofdisclosure is not to be interpreted as reflecting an intention that theclaimed embodiments require more features than are expressly recited ineach claim. Rather, as the following claims reflect, inventive subjectmatter lies in less than all features of a single disclosed embodiment.Thus the following claims are hereby incorporated into the DetailedDescription, with each claim standing on its own as a separately claimedsubject matter.

What is claimed is:
 1. A method comprising: selecting from among a groupof registration devices, by a processing system including a processor, afirst registration device, wherein the group of registration devicesstores subscriber information including international mobile subscriberidentities that are indexed to device identifications, wherein the firstregistration device is selected from among the group of registrationdevices depending upon a value of a first device identification for afirst communication device, wherein a single international mobilesubscriber identity is associated with a registration request by thefirst communication device, and wherein the single international mobilesubscriber identity is associated with the first communication deviceand is associated with a second communication device; and transmitting,by the processing system, an authentication request to the firstregistration device that had been selected in dependence upon the valueof the first device identification for the first communication device,wherein the first registration device stores first subscriberinformation, wherein the first subscriber information includes thesingle international mobile subscriber identity that is indexed to thefirst device identification for the first communication device, whereina second registration device of the group of registration devices storessecond subscriber information, wherein the second subscriber informationincludes the single international mobile subscriber identity that isindexed to a second device identification for the second communicationdevice, wherein the second registration device does not store all of thefirst subscriber information, wherein the first registration device doesnot store all of the second subscriber information, and wherein thetransmitting of the authentication request to the first registrationdevice enables the first communication device to complete a registrationprocess.
 2. The method of claim 1, wherein the group of registrationdevices comprises a plurality of home location registers (HLRs), whereinthe first registration device is a first home location register (HLR) ofthe plurality of HLRs, and wherein the second registration device is asecond HLR of the plurality of HLRs.
 3. The method of claim 1, whereinthe group of registration devices comprises a plurality of homesubscriber servers (HSSs), wherein the first registration device is afirst home subscriber server (HSS) of the plurality of HSSs, and whereinthe second registration device is a second HSS of the plurality of HSSs.4. The method of claim 1, wherein the first registration device does notstore a portion of the second subscriber information that is directed tothe second device identification for the second communication device. 5.The method of claim 1, wherein the second registration device does notstore a portion of the first subscriber information that is directed tothe first device identification for the first communication device. 6.The method of claim 1, wherein the first and second communicationdevices have different secret keys, and wherein a first secret key ofthe first communication device is utilized in the registration process.7. The method of claim 1, wherein a temporary identification is providedto the first communication device subsequent to a successfulauthentication.
 8. The method of claim 1, wherein the firstcommunication device is a machine-to-machine communication device. 9.The method of claim 1, wherein the authentication request comprises afirst request to verify the single international mobile subscriberidentity and a second request for authentication triplets.
 10. Themethod of claim 1, wherein the first device identification comprises aninternational mobile station equipment identity number.
 11. The methodof claim 1, wherein the second device identification comprises aninternational mobile station equipment identity number.
 12. The methodof claim 1, wherein the authentication request comprises a first requestto verify the single international mobile subscriber identity and asecond request for authentication vectors.
 13. The method of claim 1,wherein the first device identification comprises a Globally UniqueTemporary UE Identity.
 14. The method of claim 1, wherein the seconddevice identification comprises a Globally Unique Temporary UE Identity.15. The method of claim 1, wherein the processing system comprises asteering function that is co-located with a mobility management entity.16. The method of claim 1, further comprising providing, via an identityprovisioning function, network provisioning data to a visitor locationregister, a mobility management entity, an authentication center, anequipment identity register, a national SIM manager, or a combinationthereof, and wherein the network provisioning data indicates anassignment of the single international mobile subscriber identity to thefirst and second communication devices.
 17. A non-transitorymachine-readable storage medium comprising executable instructions that,when executed by a processing system of a first communication devicethat includes a processor, facilitate performance of operations, theoperations comprising: providing a registration request with a singleinternational mobile subscriber identity to a network server, whereinthe single international mobile subscriber identity is associated withthe first communication device and is associated with a secondcommunication device; and providing a first device identification forthe first communication device to the network server, wherein theproviding of the single international mobile subscriber identity and thefirst device identification facilitates the network server transmittingan authentication request to a selected registration device that isselected from among a group of registration devices that storesubscriber information including international mobile subscriberidentities that are indexed to device identifications, wherein a firstregistration device of the group of registration devices stores firstsubscriber information, wherein the first subscriber informationincludes the single international mobile subscriber identity that isindexed to the first device identification for the first communicationdevice, wherein a second registration device of the group ofregistration devices stores second subscriber information, wherein thesecond subscriber information includes the single international mobilesubscriber identity that is indexed to a second device identificationfor the second communication device, wherein the selected registrationdevice to which the authentication request is transmitted is selecteddepending upon a value of the first device identification for the firstcommunication device, and wherein the transmitting of the authenticationrequest to the selected registration device enables the firstcommunication device to complete a registration process.
 18. Thenon-transitory machine-readable storage medium of claim 17, wherein: ina first case the group of registration devices comprises a plurality ofhome location registers (HLRs), the first registration device is a firsthome location register (HLR) of the plurality of HLRs, and the secondregistration device is a second HLR of the plurality of HLRs; and in asecond case the group of registration devices comprises a plurality ofhome subscriber servers (HSSs), the first registration device is a firsthome subscriber server (HSS) of the plurality of HSSs, and the secondregistration device is a second HSS of the plurality of HSSs.
 19. Adevice, comprising: a processing system including a processor; and amemory that stores executable instructions that, when executed by theprocessing system, facilitate performance of operations, the operationscomprising: receiving a single international mobile subscriber identityassociated with a registration request by a first communication device,wherein the single international mobile subscriber identity isassociated with the first communication device and is associated with asecond communication device, and wherein a first device identificationis associated with the first communication device; and transmitting anauthentication request to a selected registration device that isselected from among a group of registration devices that storesubscriber information including international mobile subscriberidentities that are indexed to device identifications, wherein a firstregistration device of the group of registration devices stores firstsubscriber information, wherein the first subscriber informationincludes the single international mobile subscriber identity that isindexed to the first communication device, wherein a second registrationdevice of the group of registration devices stores second subscriberinformation, wherein the second subscriber information includes thesingle international mobile subscriber identity that is indexed to asecond device identification for the second communication device,wherein the selected registration device to which the authenticationrequest is transmitted is selected depending upon a value of the firstdevice identification for the first communication device, and whereinthe transmitting of the authentication request to the selectedregistration device enables the first communication device to complete aregistration process.
 20. The device of claim 19, wherein the firstregistration device does not store a portion of the second subscriberinformation that is directed to the second device identification for thesecond communication device.